It's a best practice to lock the workstation whenever you step away from your desk, whether for a few minutes or a few hours. But we know that this practice is not followed 100% of the time, which leaves the workstation unsecured and exposed to information leaks. Therefore, you can create a Group Policy to automatically lock a user's workstation after X minutes of inactivity. X can be any value between 1 second and a maximum of 86,400 seconds (24 hours). Let's see how it can be configured.
Steps to create a Group Policy to lock a user's workstation
Please follow the steps below to create a Group Policy Object in Active Directory.
- Create a new Group Policy e.g. Workstation_AutoLock_Policy.
- Edit the Group Policy -> User Configuration -> Policies -> Administrative Templates -> Control Panel -> Personalization
- Configure the settings:
  - Enable Screen Saver: Enabled
  - Password Protect the screen saver: Enabled
  - Screen Saver timeout: Enabled
  - Number of Seconds to wait to enable the screen saver: 1200 seconds (20 minutes)
- Go to Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy -> Configure user Group Policy loopback processing mode: Enabled, Mode: Merge. Loopback processing is needed because the settings above are User Configuration settings, while the policy is linked to an OU that holds computer accounts.
- Link the Group Policy to the Organizational Unit that contains all the computer/workstation accounts, e.g. Computers OU or Workstations OU.
- Run gpupdate /force on the workstation.
- To confirm that the Group Policy is applied on the target workstation, go to Start -> type Run -> in the Run box, type rsop.msc to check the Resultant Set of Policy. You should be able to see the settings being applied, as shown in the screenshot below. If not, try running gpupdate /force at the command prompt or restarting the workstation.
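The same policy can be built from PowerShell with the GroupPolicy module (RSAT) instead of the editor. The script below is an added example, not part of the original steps; it assumes a domain-joined admin host, and the OU distinguished name is a placeholder to replace with your own.

```powershell
# Added example: scripts the GPO described in the steps above.
# Assumptions: GroupPolicy module (RSAT) is installed; $TargetOU is a placeholder.
Import-Module GroupPolicy

$GpoName  = 'Workstation_AutoLock_Policy'
$TargetOU = 'OU=Workstations,DC=example,DC=com'   # placeholder OU, replace with yours
$Timeout  = 1200                                   # seconds (20 minutes), as in the steps

# The timeout policy accepts 1 to 86,400 seconds
if ($Timeout -lt 1 -or $Timeout -gt 86400) { throw 'Timeout must be between 1 and 86400 seconds' }

# Create the GPO only if it does not exist yet, so the script can be re-run safely
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'Lock workstation after inactivity' }

# User Configuration: the registry values behind the three Personalization settings
$desktopKey   = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$userSettings = [ordered]@{
    ScreenSaveActive    = '1'          # Enable Screen Saver
    ScreenSaverIsSecure = '1'          # Password Protect the screen saver
    ScreenSaveTimeOut   = "$Timeout"   # Screen Saver timeout, stored as text
}
foreach ($name in $userSettings.Keys) {
    Set-GPRegistryValue -Name $GpoName -Key $desktopKey -ValueName $name `
        -Type String -Value $userSettings[$name] | Out-Null
}

# Computer Configuration: loopback processing mode, 1 = Merge (2 = Replace)
Set-GPRegistryValue -Name $GpoName -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU that holds the workstation accounts, unless it is already linked
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) { New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null }

# Read back the user-side values now stored in the GPO
Get-GPRegistryValue -Name $GpoName -Key $desktopKey | Select-Object ValueName, Value
```

After the next policy refresh on a workstation in that OU, the same three values appear under the user's HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop key, which gives a quick check alongside rsop.msc.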