Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Lock out a user after 2 minutes, no screensaver

Status
Not open for further replies.
captaincrunch00

captaincrunch00

IS-IT--Management
Mar 8, 2004
582
US
Hi there, I'm looking for a way I can lock a users desktop (like the password protect on resume thing) after 2 minutes.

I dont want to use a screensaver, I dont want to lock EVERY user, I just want to lock one persons desktop so they need to enter a password if there is no activity in 2 minutes.

Are there any ways of doing this without a screensaver and without doing this to every single user that uses the server?

Thanks
 
Sort by date Sort by votes
You could have a policy that effects just one user either by having the user in their own OU or using security filtering. You can set the screen to lock after 2 mins but don't specify a screensaver, the workstation will just lock and the user will need to enter a password.
 
Upvote 0 Downvote
I'm looking at that, but it needs a valid screensaver in order to run, and I dont want a screensaver. A screensaver sends info to the PC across my WAN. That is a lot of data doing nothing but making my routers and switches work.

I dont want a screensaver, I just want it to password protect the station.
 
Upvote 0 Downvote
Like i say set the screensaver part of the policy to disabled and the station just locks without displaying a screensaver. I use it that way here and it works test it and you will see.
 
Upvote 0 Downvote
I have set

Screen saver - Enabled
Screen save exe name - Disabled
Password Protect - Enabled
Screen saver timeout 900

At that time the screen locks but without a screensaver.
 
Upvote 0 Downvote
So there are 4 things I need to change in the GPO.

Screensaver
Screensaver Executable Name
Password Protect Screensaver
Screensaver Timeout

If I'm understanding you right, I'd set the screensaver to disabled, doesnt matter what executable name I give it, enable password protect, and set the timeout for 2 minutes?


That works?
It says if I put the screensaver to disabled it wont matter what the other policy settings are and wont read them I thought.

Waiting on confirmation before I do this, and thanks for all the advice!
 
Upvote 0 Downvote
You are good at what you do, worked perfectly. Thanks!

I'll stop doubting now.
 
Upvote 0 Downvote
Well, good times... That was a horrible failure. I'm going to cry.

That locked out every single user that logs into that server after 2 minutes even though only the GPO is applied to one OU which only has one username in it.

Also, now that I've taken out the GPO and set everything back to the way it was, it still locks everyone out after 2 minutes.

Save me Porkchop!
 
Upvote 0 Downvote
Where is the GPO located you must of applied it at the wrong level in active directory. You didn't set it in the domain policy did you?

If you reaply the policy but set screensaver to disabled it will be undone, remember that the PC's oly reapply the policy every 90 mins by default of when the user logs on.
 
Upvote 0 Downvote
I only applied it to the OU that had the username in it.

I think I fixed it by some kind of freakshow magic. (Restarted the server, and did a GPUpdate)

 
Upvote 0 Downvote
So you had an OU just like the Winnipeg OU in the e.g. image below and specifically attached a policy at this level and this policy was definatly not attached to any other OU's.

Using%20Logon%20Scripts%20Figure%2031102332792303.jpg


I'd be tempted to create a new policy for testing.
 
Upvote 0 Downvote
Yeah, I had an OU just like that one with only one username in there. I had a policy attached to that OU only, and that policy had the screensaver stuff.

It affected everyone on the Terminal Server. I took out the policy, gpupdate, restarted server, put in a new policy and now it seems to be working.

Thanks for sticking with this Choppy!
 
Upvote 0 Downvote
I would get a copy of the GPMC and install it on your admin PC this will enable you to view exactly where the policy is applying to. The policy must either be applied somewhere further up the chain or user loopback is somehow enabled on the TS OU.

In the GPMC you can see what OU's a policy is applied to using the 'Scope' tab and you can generate a HTML file that shows only active settings using the 'Settings' tab. With this you can soon see exactly what is happening.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
773
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
304
penguinroundup
penguinroundup
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
901
suncit
suncit
Theo2k
  • Locked
  • Question
RDS 2016
Replies
0
Views
500
Theo2k
Theo2k
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top