Windows 10 Pro Lock Screen Group Policy

Hi,

starting with Windows 10 (1607 I think) screen saver GPOs are completely skipped in Windows PRO domain joined. I think it happens due to screen control panel is switched off in newer builds. At least this is was information i have received when trying to test screen saver in my 1803 build:

Screen saver control panel was disabled by administrator

To workaround this issue and enable automatic locking of the workstation in Windows 10 Pro you need to configure Group Policy Object for Computer, set the following option to enabled and provide time-out for workstation lock:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Interactive logon: Machine inactivity limit

Check the check box to enable and provide time-out. Microsoft states that restart is required, but in my Opinion if the scope is not restricted to a group that computer was added after rebooting, simple

gpupdate /force

should do. It did in my case. Now my domain joined computers lock themselves again

Full description of the setting:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit

 

By |2018-09-05T09:56:57+00:00June 20th, 2018|Active Directory, GPO, Windows 10, Windows Server|0 Comments

About the Author:

I am passionate about Systems Administration. I like to face new challenges and test new environments.Windows and Linux Debian boxes (both physical and virtual) are my favourites. I like solving problems related to Windows Server roles and services as well as Linux but some distributions in particular. I'm not considering myself as Linux master but surely, I always do my best to fit the needs. On the other hand I consider myself as a Windows Server Professional and in terms of WS and Windows Desktops I always follow best practices, good advices and opinions from other admins.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.