none
Mix of 2 group policy bug

    Question

  • Hey guys,

    Not sure i'm in the right section to submit a bug between 2 gpo's. If i'm not in the right section, please let me know how to send the information to Microsoft for a future patch. I recently found this while working on Windows 10 but it's also applying to Windows 7 and probably to Win8 as well.

    The GPO

    --> "Password protect the screen saver" under User Configuration/Policies/Administrative Template/Control Panel/Personalization

    will never trigger if the GPO

    --> "Remove Lock Computer" is enabled under User Configuration/Policies/Administrative Template/System/Atrl+Alt+Del Options

    Regards,

    Friday, February 12, 2016 8:32 PM

Answers

  • Hi,
     
    Am 12.02.2016 um 21:32 schrieb Ian Gaulin:
    > --> "*Password protect the screen saver*"
    > will never trigger if the GPO
    > --> "*Remove Lock Computer*" is enabled under User
     
    Right. But this is not a bug, that´s simply logic.
     
    Take a look at the explian of the policy:
    This policy setting prevents users from Locking the system.
     
    "Remove Lock" is not just removing the "lock computer" entry in the
    ctrl-alt-del dialog, it removes the ENTIRE(!!11!) LOCK function at any
    place of the system (e.g no Win-L possible)
     
    So, if no LOCK at all is possible, how should screensaver lock the
    screen? You can only use energysaving, but no lock.
     Mark
     --
    Mark Heitbrink - MVP Windows Server - Group Policy
     
    GPO Tool: http://www.reg2xml.com - Registry Export File Converter
     
    Sunday, February 14, 2016 5:09 PM
  • “Remove Lock Computer” group policy will actually add below registry key to the client machine:
     
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Value Name: DisableLockWorkstation
    Value Data: 1
     
    From the value name, you can tell that this will actually disable the entile lock workstation functionality including the Windows+L combination. 
     
    I would agree with the explanation shared by Mark above, it's the correct behavior.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Marked as answer by Ian Gaulin Monday, February 15, 2016 1:08 PM
    Monday, February 15, 2016 5:33 AM
    Moderator

All replies

  • to submit a bug report, go to connect.microsoft.com

    you may not find all products are "open" for bug reports via the connect website

    you can also log a support ca$e which may end up being considered as a bug report, or, may be correlated to an existing bug report


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, February 13, 2016 6:08 AM
  • Hi,
     
    Am 12.02.2016 um 21:32 schrieb Ian Gaulin:
    > --> "*Password protect the screen saver*"
    > will never trigger if the GPO
    > --> "*Remove Lock Computer*" is enabled under User
     
    Right. But this is not a bug, that´s simply logic.
     
    Take a look at the explian of the policy:
    This policy setting prevents users from Locking the system.
     
    "Remove Lock" is not just removing the "lock computer" entry in the
    ctrl-alt-del dialog, it removes the ENTIRE(!!11!) LOCK function at any
    place of the system (e.g no Win-L possible)
     
    So, if no LOCK at all is possible, how should screensaver lock the
    screen? You can only use energysaving, but no lock.
     Mark
     --
    Mark Heitbrink - MVP Windows Server - Group Policy
     
    GPO Tool: http://www.reg2xml.com - Registry Export File Converter
     
    Sunday, February 14, 2016 5:09 PM
  • “Remove Lock Computer” group policy will actually add below registry key to the client machine:
     
    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Value Name: DisableLockWorkstation
    Value Data: 1
     
    From the value name, you can tell that this will actually disable the entile lock workstation functionality including the Windows+L combination. 
     
    I would agree with the explanation shared by Mark above, it's the correct behavior.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Marked as answer by Ian Gaulin Monday, February 15, 2016 1:08 PM
    Monday, February 15, 2016 5:33 AM
    Moderator
  • Make sense.. Thought it would only remove the entry from the menu and not disable the entire function.

    Took me a couple hours to figure out which GPO was preventing the lock of the screen from the screen saver.

    Thanks

    Monday, February 15, 2016 1:10 PM