Create Group Policy to Lock User’s Workstation after 20 minutes of inactivity (Windows 10)

Its a best practice to lock the workstation whenever you are stepping away from the desk, whether its for few minutes or few hours. But, we know that this practice is not 100% followed leaving the workstation not secured / exposed for information leak. Therefore, you can create a Group Policy to automatically lock users workstation after X minutes of inactivity. X can be any value between 1 second to maximum of 86,400 Seconds (24 hours). Lets see how it can be configured.

  1. Create a new Group Policy e.g. Workstation_AutoLock_Policy.
  2. Edit the Group Policy -> User Configuration -> Policies -> Administrative Templates -> Control Panel -> Personalization
  3. Configure the settings:

Enable Screen Saver: Enabled

Password Protect the screen saver: Enabled

Screen Saver timeout: Enabled

Number of Seconds to wait to enable the screen saver: 1200 seconds (20 minutes)

Group Policy to Lock User's Workstation

4. Go to Computer Configuration -> Policies -> Administrative Templates -> System -> group Policy -> Configure user Group Policy loopback processing mode: Enabled, Mode: Merge

Group Policy to Lock User's Workstation

4. Link the Group Policy to the Organization Unit where all the computers/Workstations accounts are existing e.g. Computers OU or Workstations OU.

5. Run Gpupdate /force on the workstation.

6. To confirm the Group Policy getting applied on the target workstation. Go to Start -> Type Run -> In the Run box type rsop.msc to check the resultant set of policies. You should be able to see the settings getting applied as shown in below screenshot. If not, try running gpupdate /force on the command prompt or restarting the workstation.

Group Policy to Lock User's Workstation

Leave a Comment