Jason- What security context is the task running in? Windows has the notion of WindowsStations which represent the user's active shell session, or something roughly approximating that. The interactive user's WindowsStation is going to be different from, say, LocalSystem's. I suspect that could be part of the problem. Security context matters a lot in this kind of situation.
Darren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 2:01 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager The problem is that I am adding arguments to the rundll.exe that tell it to lock the workstation. Just having scheduler run the rundll.exe won't do anything. As I pointed out, though, the scheduled task runs just fine from my workstation. The same set up on a test machine with a standard user account doesn't work from the task scheduler, but does work if I double click directly on the shortcut on the network share. ----- Original Message ----- From: "Gil Kirkpatrick" <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Monday, February 07, 2005 2:48 PM Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager I doubt that the task scheduler can run a shortcut... Shortcuts are a shell function. Can you run the .exe directly from the scheduler instead of running the shortcut? -gil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, February 07, 2005 2:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Jason, I'm sure that there's a good reason for not wanting to use the enable screen saver option, but I'm curious as to why you want to do that actual LockWorkStation function. Is it an academic exercise, or is there something more to it? Just simply curious... -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 3:25 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Objective: Use Group Policy to force workstations to lock after 60 minutes of inactivity. Well, I know that there's no way to easily do this by using a GPO. Most admins just use the GPO settings to enable a screensaver and password for it, however, I really want to lock the workstation instead. The only way I can figure to do this is to create a scheduled task and then somehow assign it using a GPO. Now, I set up a shortcut that has the target as: "C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation" as all of our workstations have the same windows directory, I didn't need to use %windir%, and all run Windows XP SP2. After making that shortcut, and saving it to a share that's accessable by all users (read-only), if I run it from there, it will lock the workstation, just as if the user manually locked it. Now, the trick is getting it to run when the workstation is idle for 60 minutes. I set up a task in task scheduler to point to the shortcut on the network share. I then set the properties on that task to only start if the computer has been idle for at least 60 minutes. Now, if I manually run that task on my workstation (I have admin rights), it works just fine. Doing the same thing (setting up the task the exact same way) on a test machine returns a "Could not start" in the task scheduler, but if I manually run the shortcut from the network share, it locks the workstation as it should. Our users have restricted-user privs on the local workstation (we don't give out Power User or Admin rights to them) - could this be a reason for it not working, or am I just missing something obvious here? Thanks. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
