In this post I will show you how to lock computers in domain via group policy. Using group policy you can lock computers after specific interval of time or after specific duration of inactivity on the computer.
In most organizations the employees are advised to lock their computer before they step away from it. This is because without locking the computer, some one could access it.
With the help of group policy the administrator can define settings to automatically lock the computer after the specified amount of minutes. This will prevent the unauthorized access to the computer even though the employees forget to lock their computers.
Most companies have a branded screen saver that displays their company logo along with company information. In this post I will use a screen saver that comes with windows operating system.
We will configure it in a way that after the inactivity timeout on the computer, the computer gets locked. The screen saver is displayed.
When the user clicks on screen saver, the computer prompts user to enter the credentials to login. Windows server 2008 R2 comes with few inbuilt screen savers, we will be using one of them.
Screen Save location – C:\Windows\WinSxS folder. Navigate to this folder and look for .scr files.
Once you have found the screen saver, copy the screen saver file to a shared folder. The clients will pick up the screen saver from this location.
Lock Computers In Domain Via Group Policy
Using group policy, we will see how to lock domain computers.
- Open the Group Policy Management.
- Right click the domain and click on Create a GPO in this domain and link it here.
- Provide a name to the policy such as Screensaver Policy and click OK.
Right click the Screen saver policy and click Edit.
The Group Policy Management Editor opens in a new window. Now expand User Configuration > Policies > Administrative Templates > Control Panel. Click Personalization. We will configure the policy settings now.
First all all let’s deal with screen save timeout setting. Double click on Screen saver timeout policy setting.
Next double click the policy setting Force specific screen saver. This setting if enabled displays the screen saver specified in the policy setting.
Enable this policy and provide the screen saver patch. Click Apply and OK.
Double click the setting Enable Screen saver, click Enabled. This setting enables the screen saver. Before you enable this setting you must specify the screen saver executable path and screen saver timeout.
Double click the setting Password protect the screen saver and click Enabled. This setting will make all the screen savers password protected.
Using this policy we enable password protection on screen saver. Therefore ensure you have enabled the policy setting Enable screen saver and Screen saver timeout. Click Apply and OK.