GPO : configure automatic session locking

Presentation

In this tutorial, we will see how to activate automatic session locking after a period of inactivity.

This group policy increases the level of security, because many users do not lock their session when they leave their workstation.

The parameters that we will configure apply to Users.

Activate automatic session lock

From a domain controller, open the Group Policy Management console, right click 1 on the OU where the policy should be applied and click on Create a GPO in this domain, and link it here < <2.

New stratégy

Name 1 the strategy and click OK 2.

name the strategy

Now the strategy has been added, right click on 1 and click on Edit 2.

Edit strategy

Go to the User Configuration / Policies / Administrative Templates / Control Panel / Personalization location to access the parameters to configure.

Location of settings

Open the Enable setting the standby screen and activate 1.

Enable screen saver

Open the Screen saver timeout parameter, activate the 1 and configure the duration in seconds 2 of inactivated before locking.

Delay inactivity

Open the parameter Force a specific screen saver, activate the 1 and configure the following file: C: \ Windows \ System32 \ scrnsave.scr 2.

Configure screeensaver

Open the parameter A password protects the screen saver and activate 1.

Screensave with password

The settings for automatic session locking are configured.

Parameter overview

Summary of the strategy:

Overview of the strategy

When users have the policy applied, the session will be locked automatically after 15 minutes of inactivity.

On a very small number of users, it is possible that the session will lock after a shorter delay. I did not find the cause for this problem. To solve the problem, I recreated the session on the computer.




Leave a Comment