There is a dependency in the GPO elements - you can enable the Screen Saver requirement, but it won't come active if you haven't chosen a screen saver that is available on the target machine(s).
Also, the screen saver timeout must be set to a non-zero value. -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: Monday, February 07, 2005 5:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager No. You can set the requirement to password lock the screensaver separate from the chosen screensaver. Although, I haven't seen what will happen if you force the screensaver to lock, but don't have a screensaver chosen. Dave //SIGNED// ------------------------------------------------ David J. Perdue Network Security Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597 ------------------------------------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 15:16 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Wouldn't enabling a password protected screensaver require a universal screensaver password for all users? ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Monday, February 07, 2005 3:20 PM Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager I'm still confused how this is different than a screensaver and password? marcus c. oh \\.\core technologies\cox communications, inc. \\.\mvp\windows server systems\management [v] 404.847.6117 [c] 404.391.7097 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 5:01 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager The problem is that I am adding arguments to the rundll.exe that tell it to lock the workstation. Just having scheduler run the rundll.exe won't do anything. As I pointed out, though, the scheduled task runs just fine from my workstation. The same set up on a test machine with a standard user account doesn't work from the task scheduler, but does work if I double click directly on the shortcut on the network share. ----- Original Message ----- From: "Gil Kirkpatrick" <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Monday, February 07, 2005 2:48 PM Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager I doubt that the task scheduler can run a shortcut... Shortcuts are a shell function. Can you run the .exe directly from the scheduler instead of running the shortcut? -gil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, February 07, 2005 2:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Jason, I'm sure that there's a good reason for not wanting to use the enable screen saver option, but I'm curious as to why you want to do that actual LockWorkStation function. Is it an academic exercise, or is there something more to it? Just simply curious... -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 3:25 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Objective: Use Group Policy to force workstations to lock after 60 minutes of inactivity. Well, I know that there's no way to easily do this by using a GPO. Most admins just use the GPO settings to enable a screensaver and password for it, however, I really want to lock the workstation instead. The only way I can figure to do this is to create a scheduled task and then somehow assign it using a GPO. Now, I set up a shortcut that has the target as: "C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation" as all of our workstations have the same windows directory, I didn't need to use %windir%, and all run Windows XP SP2. After making that shortcut, and saving it to a share that's accessable by all users (read-only), if I run it from there, it will lock the workstation, just as if the user manually locked it. Now, the trick is getting it to run when the workstation is idle for 60 minutes. I set up a task in task scheduler to point to the shortcut on the network share. I then set the properties on that task to only start if the computer has been idle for at least 60 minutes. Now, if I manually run that task on my workstation (I have admin rights), it works just fine. Doing the same thing (setting up the task the exact same way) on a test machine returns a "Could not start" in the task scheduler, but if I manually run the shortcut from the network share, it locks the workstation as it should. Our users have restricted-user privs on the local workstation (we don't give out Power User or Admin rights to them) - could this be a reason for it not working, or am I just missing something obvious here? Thanks. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
