You're right - it did.
I'm laughing at myself now though, as many pointed out earlier, I am trying to reinvent the wheel. Just using the screensaver option in a GPO does exactly the same thing. I mistakenly thought that the screensaver password option in the GPO was like the old Win98 type screensavers, and not tied into the domain username/pw. It serves me right for not just *trying* that first.
I do appreciate all those who offered suggestions and help, and I did gain a greater understanding of how the Task Scheduler works, and what can and can't be done with it. :)
----- Original Message ----- From: "Becker, Jim" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, February 08, 2005 7:24 AM
Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager
Bypass the wizard by right-clicking in the Sheduled Task folder and select New, Scheduled Task, give it your desired name then edit its properties directly.
Simply put the whole command, arguments and all, on the Run line of the scheduled item. It works that way.
Jim Becker State University of New York System Administration
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 6:37 PM To: [email protected] Subject: Re: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager
I think this may work... I'll try it and get back with the list.
Thanks.
----- Original Message ----- From: "Crawford, Scott" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, February 07, 2005 4:07 PM
Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in
conjunction with task manager
When I've used scheduler to run an exe that needs arguments, I put the command in a batch file and schedule that to run.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 4:01 PM To: [email protected] Subject: Re: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager
The problem is that I am adding arguments to the rundll.exe that tell it to lock the workstation. Just having scheduler run the rundll.exe won't do
anything. As I pointed out, though, the scheduled task runs just fine from my workstation. The same set up on a test machine with a standard user account doesn't work from the task scheduler, but does work if I double click directly on the shortcut on the network share.
----- Original Message ----- From: "Gil Kirkpatrick" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, February 07, 2005 2:48 PM
Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in
conjunction with task manager
I doubt that the task scheduler can run a shortcut... Shortcuts are a shell function. Can you run the .exe directly from the scheduler instead of running the shortcut?
-gil
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, February 07, 2005 2:38 PM To: [email protected] Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager
Jason,
I'm sure that there's a good reason for not wanting to use the enable screen saver option, but I'm curious as to why you want to do that actual LockWorkStation function. Is it an academic exercise, or is there something more to it?
Just simply curious...
-rtk
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B Sent: Monday, February 07, 2005 3:25 PM To: [email protected] Subject: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager
Objective: Use Group Policy to force workstations to lock after 60 minutes of inactivity.
Well, I know that there's no way to easily do this by using a GPO. Most
admins just use the GPO settings to enable a screensaver and password for it, however, I really want to lock the workstation instead. The only way I can figure to do this is to create a scheduled task and then somehow assign it using a GPO. Now, I set up a shortcut that has the target as:
"C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation"
as all of our workstations have the same windows directory, I didn't need to
use %windir%, and all run Windows XP SP2. After making that shortcut, and saving it to a share that's accessable by all users (read-only), if I run it
from there, it will lock the workstation, just as if the user manually locked it. Now, the trick is getting it to run when the workstation is idle
for 60 minutes. I set up a task in task scheduler to point to the shortcut on the network share. I then set the properties on that task to only start if the computer has been idle for at least 60 minutes. Now, if I manually run that task on my workstation (I have admin rights), it works just fine. Doing the same thing (setting up the task the exact same way) on a test machine returns a "Could not start" in the task scheduler, but if I manually
run the shortcut from the network share, it locks the workstation as it should. Our users have restricted-user privs on the local workstation (we don't give out Power User or Admin rights to them) - could this be a reason for it not working, or am I just missing something obvious here?
Thanks. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
