Windows idle lockout by registry edit

1

I want to force a desktop lock screen (password protected) when idle for 2 minutes. After doing some research I found the following registry keys, which (strangely) don't result in the expected behaviour:

HKCU:\Control Panel\Desktop\ScreenSaveActive (REG_SZ)

HKCU:\Control Panel\Desktop\ScreenSaverIsSecure (REG_SZ)

HKCU:\Control Panel\Desktop\ScreenSaveTimeOut (REG_SZ)

Any ideas if I'm missing something?

TLDR: What reg keys need to be modified for secure lock (no lockout!) when idle (Windows)?

P.S: PC is non-domain joined.

RockYoClock

Posted 2016-10-20T21:09:26.640

Reputation: 31

Apparently these registry changes needed a system restart to activate. – RockYoClock – 2016-10-21T12:42:02.737

Answers

1

You should set this through local computer policy.

Run mmc.exe (requires local administrator), then File > Add/Remove Snap-in... (keyboard shortcut Ctrl+M).

Scroll down and add Group Policy Object Editor. A dialogue window will appear; the default Group Policy Object should be Local Computer, which will edit local computer policy. If it is not, then change it to Local Computer. Click Finish.

Drill down to Local Computer Policy > User Configuration > Administrative Templates > Personalization.

Set the Screen saver timeout policy to 120 seconds. Next set the Password protect the screen saver policy to enabled.

You have some other options, such as enforcing specific screen savers, if you want.

You don't need to save; changes are set automatically as you make them, though you may need to reboot the computer for the changes to become active.

Quincy Otter

Posted 2016-10-20T21:09:26.640

Reputation: 71

You are referring to the same registry settings I made earlier. The reason I'm forced to modify the registry directly is because I need to do it remotely and have the ability to run scripts, not push GPOs. – RockYoClock – 2016-10-21T07:05:09.343

Since you can edit the registry remotely I'll assume you have RPC and other remote management opened up. You can edit the local policy remotely, just specify the computer by name instead of Local Computer. Since you're set up for remote administration you could probably also just use RDP. Editing keys inside Hive Key Current User (HKCU) isn't going to work; you're making changes just for the current user - whatever administrative user you logged in as - which probably isn't the same user you have everyone else logging in as. – Quincy Otter – 2016-10-21T21:34:05.980
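
An added example, not part of the question or answer above: a PowerShell script that writes the three values from the question into every user hive loaded under HKEY_USERS, rather than only the HKCU of the account running it, then reads them back. The S-1-5-21 SID filter and the report-only read of `SCRNSAVE.EXE` (the configured screen saver program) are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Run on the target PC (e.g. from a remote script).
$Desired = [ordered]@{
    ScreenSaveActive    = '1'     # screen saver enabled
    ScreenSaverIsSecure = '1'     # password required on resume
    ScreenSaveTimeOut   = '120'   # idle seconds (2 minutes, as in the question)
}

# Assumption: local accounts on a non-domain PC have SIDs of the form S-1-5-21-...
# The pattern skips .DEFAULT, the service accounts and the *_Classes hives.
$sids = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $_.PSChildName }

$report = foreach ($sid in $sids) {
    $key = "Registry::HKEY_USERS\$sid\Control Panel\Desktop"
    if (-not (Test-Path -Path $key)) { continue }

    foreach ($name in $Desired.Keys) {
        # -Type String writes REG_SZ, the type listed in the question
        Set-ItemProperty -Path $key -Name $name -Value $Desired[$name] -Type String
    }

    # Read back what is stored now, so the result can be checked per user
    $now = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Sid       = $sid
        Active    = $now.ScreenSaveActive
        Secure    = $now.ScreenSaverIsSecure
        Timeout   = $now.ScreenSaveTimeOut
        # Report only: the screen saver program configured for this user, if any
        Saver     = $now.'SCRNSAVE.EXE'
        # True when none of the three values differs from $Desired
        Compliant = -not ($Desired.Keys | Where-Object { $now.$_ -ne $Desired[$_] })
    }
}
$report | Format-Table -AutoSize
```

Only hives currently loaded under HKEY_USERS are reached, so accounts that are not signed in are left untouched. An empty `Saver` column means no screen saver program is configured for that user.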