Jason- I haven't used hte task scheduler recently (more a command line person), but, as I recall you can't specify an argument in the wizard. Just have to give it rundll32, and then go back in and manually edi thte task with your arguments. Also, try quoting the path to rundll32, and then outside the path put user32,LockWorkStation. --Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org v - 773.534.0034 x135 f - 773.534.8101
________________________________ From: [EMAIL PROTECTED] on behalf of Jason B Sent: Mon 2/7/2005 3:25 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Objective: Use Group Policy to force workstations to lock after 60 minutes of inactivity. Well, I know that there's no way to easily do this by using a GPO. Most admins just use the GPO settings to enable a screensaver and password for it, however, I really want to lock the workstation instead. The only way I can figure to do this is to create a scheduled task and then somehow assign it using a GPO. Now, I set up a shortcut that has the target as: "C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation" as all of our workstations have the same windows directory, I didn't need to use %windir%, and all run Windows XP SP2. After making that shortcut, and saving it to a share that's accessable by all users (read-only), if I run it from there, it will lock the workstation, just as if the user manually locked it. Now, the trick is getting it to run when the workstation is idle for 60 minutes. I set up a task in task scheduler to point to the shortcut on the network share. I then set the properties on that task to only start if the computer has been idle for at least 60 minutes. Now, if I manually run that task on my workstation (I have admin rights), it works just fine. Doing the same thing (setting up the task the exact same way) on a test machine returns a "Could not start" in the task scheduler, but if I manually run the shortcut from the network share, it locks the workstation as it should. Our users have restricted-user privs on the local workstation (we don't give out Power User or Admin rights to them) - could this be a reason for it not working, or am I just missing something obvious here? Thanks. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
