Maybe I misunderstood the requirement/objective but why not simply use a
transparent screen saver?

This approach is popular on trade floors where traders need to be able to
monitor activity even if the machine locks after n minutes of inactivity.

The user is prompted for username/password as soon as any mouse/keyboard activity
is detected.

HTH,
neil


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason B
Sent: 07 February 2005 21:25
To: [email protected]
Subject: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction
with task manager


Objective:  Use Group Policy to force workstations to lock after 60 minutes 
of inactivity.

Well, I know that there's no way to easily do this by using a GPO.  Most 
admins just use the GPO settings to enable a screensaver and password for 
it, however, I really want to lock the workstation instead.  The only way I 
can figure to do this is to create a scheduled task and then somehow assign 
it using a GPO.  Now, I set up a shortcut that has the target as:

"C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation"

As all of our workstations have the same Windows directory, I didn't need to 
use %windir%, and all run Windows XP SP2.  After making that shortcut, and 
saving it to a share that's accessible by all users (read-only), if I run it 
from there, it will lock the workstation, just as if the user manually 
locked it.  Now, the trick is getting it to run when the workstation is idle 
for 60 minutes.  I set up a task in task scheduler to point to the shortcut 
on the network share.  I then set the properties on that task to only start 
if the computer has been idle for at least 60 minutes.  Now, if I manually 
run that task on my workstation (I have admin rights), it works just fine. 
Doing the same thing (setting up the task the exact same way) on a test 
machine returns a "Could not start" in the task scheduler, but if I manually 
run the shortcut from the network share, it locks the workstation as it 
should.  Our users have restricted-user privs on the local workstation (we 
don't give out Power User or Admin rights to them) - could this be a reason 
for it not working, or am I just missing something obvious here?

Thanks. 
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
