none
Lock PC if user is locked out

    General discussion

  • Is there a GPO method of locking the PC down if a user is on and locks themselves out?

    We have users who may work for a while even though they are locked out and certain services will cease to function.

    I would like a method where if trhey lock themselves out it locks their PC and they would contact IT

    Monday, January 30, 2017 4:02 PM

All replies

  • Am 30.01.2017 um 17:02 schrieb atest850:
    > Is there a GPO method of locking the PC down if a user is on and
    > locks themselves out?
     
    What should be the benefit? Where is your idea of a difference, between
    lockout and restart/login new?
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Monday, January 30, 2017 8:24 PM
  • The benefit would be that as soon as they are locked out it would either lock them out or request for a new login...

    What do you mean by restart/login new?

    Monday, January 30, 2017 9:56 PM
  • Am 30.01.2017 um 22:56 schrieb atest850:
    > The benefit would be that as soon as they are locked out it would either
    > lock them out or request for a new login...
     
    You want to disable the "re-connect" to an existend session? They always
    should have a new session? What for?
     If I go to toilet, I lock my PC, I would like to get into my open docs
    again.
     Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Tuesday, January 31, 2017 5:10 PM
  • Sorry...I mean when a user inputs their password 3 wrong attempts we have a GPO to lock out their AD account.

    I wanted a policy/method that if they were locked out of their AD account it would lock the screen on the PC they are on

    Tuesday, January 31, 2017 10:05 PM
  • Hi,
     
    Am 31.01.2017 um 23:05 schrieb atest850:
    > I wanted a policy/method that if they were locked out of their AD
    > account it would lock the screen on the PC they are on
    The client does not know, that the user is locked, the user can not
    perform the action, to change the picture, because he is locked.
     
    The DC who counts the password and locks the system is the own who know
    and who replicates the settings immediatly.
     
    You can script it and create task based on the event on every DC. If a
    lock appears, change screen on the "%computername% mentioned in
    eventlog. Hopping the system is reachable by RPC to change remote
    registry and picture ...
     
    Mark
     
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Wednesday, February 1, 2017 5:49 PM