Locking and Terminating User Sessions via Group Policy settings

windows-7 security remote-desktop windows-server-2008-r2 group-policy
9,608

Locking a session (either local or remote) is done using the screen saver settings.
User Configuration > Policies > Administrative Templates > Control Panel > Personalization:
Enable screen saver - Enabled
Force specific screen saver - Enabled
Password protect screen saver - Enabled
Screen saver timeout - Enabled

As far as I remember, you need to configure all four.
Also, this policies apply to Server 2008r2 and Win7 - I think XP has other settings.

As for terminating a session, it exists only for remote sessions.
User Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits:
Set time limit for active but idle Remote Desktop Services sessions - Enabled
Set time limit for disconnected sessions - Enabled
Terminate session when time limits are reached - Enabled

If you want to do the same for local sessions, you'll need to script it.

Share:
9,608

Related videos on Youtube

Zach L
Author by

Zach L

I've been troubleshooting since my first Windows 95 computer when solitaire wouldn't load up. I'm a student studying networking via Cisco at a local community college, but have interest in many areas of IT. I was raised on Windows and have minor experience in OS X & Unix.

Updated on September 18, 2022

Comments

  • Zach L
    Zach L over 1 year

    To conform with some new security requirements, my company is implementing Group Policy solutions to existing security vulnerabilities. My current assignment is to find and implement Group Policy settings that will cause the current user session to lock after a configured period of idle time and terminate an inactive user session after a given period of time.

    These settings are supposed to apply to all user sessions, local or remote, and are to be enacted in a domain environment (forest) containing a mixture of workstations and servers. I can't, for the life of me, figure out if I just glossed over some obscurely-placed setting, or if such settings even exist.

    The Cut-&-Dry (with arbitrary example numbers): User sessions automatically locking after 30 minutes of inactivity. User sessions terminating after 180 minutes of inactivity. Applies to both local and remote user sessions. Is this possible via Group Policy? If so, where are these settings?

    Related (but unanswered): Auto lock the screen for any user after specified period of inactivity on Windows 7

    • Zach L
      Zach L over 9 years
      If my question needs to be split into multiple questions, please let me know via the comments.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How secure is Remote Desktop Connection?
Is there a way to natively share screens in Windows 7?
Windows 7 Cached Credentials - No Logon Server. Can't Log In
Can't edit Local Security Policy
Remote Desktop Services: start a program on connection within desktop environment
Securing Remote Desktop Connections With SSL Certificate From a Trusted Certificate Authority
How to copy local group policy objects from one machine to another?
How can I import a security template in Windows 7 using command line?
How to make computer (or user) trust signed software
Cannot automatically log in to RDP session: server's authentication policy does not allow connection requests using saved credentials