In this post we will see how to lock computers in domain via group policy. Most of the companies today want the computers to be locked out after specific interval of time or after specific duration of inactivity on the computer. The employees are advised to lock their computer before they step away from the computer but if the employee steps away without locking the computer it could lead to unauthorized access to domain workstations within your organization. With the help of group policy the administrator can define settings to automatically lock the computer after the specified amount of minutes. This will prevent the unauthorized access to the computer even though the employees forget to lock their computers.
Most of the companies have a branded screen saver that displays their company logo along with company information. In this post we will using one of the screen saver that comes with windows operating system.
In this post we will be using a screen saver so that after the inactivity timeout on the computer, the computer gets locked and a screen saver is displayed. When clicked on the screen saver, the computer should prompt the user to enter the credentials to login. Windows server 2008 R2 comes with few inbuilt screen savers, we will be using one of them. The screen savers can be found in WindowsWinsxs and look for .scr files.
Open the Group Policy Management, right click on your domain and click on Create a GPO in this domain and link it here. Provide a name to the policy such as Screensaver Policy and click on OK.