Configure Windows Device Inactivity Limit Locally and Domain Wide

Posted on Temitope Odemo By Temitope Odemo No Comments on Configure Windows Device Inactivity Limit Locally and Domain Wide
windows workstations inactivity

In this article i will showing you how to Configure Windows device inactivity limit locally and domain wide. Due to security reasons, it is now important that your computer screen is locked when the system is inactive or idle for some time. Please see How to access shared resources from two different domains, How to demote and remove a Domain Controller on Windows Servers. Read this if you want to Configure Local Administrators Account lockout.

A Windows user can lock a computer screen themselves by using this shortcut key (Win + L). But you can setup your system to auto lock its screen and when your computer is part of a domain system. Please take a look at the YouTube video below for more information.

Then the standard and best approach is to implement a Group Policy that automatically locks the screen of the entire workstations or machines or users on the AD domain.

Configure Windows device inactivity limit locally and domain wide

You can further read about How to add a new Domain Controller to an Existing Domain, and how to Grant Non-Domain Admin Privileges to Manage Workstation,

1. Configure Windows Device Inactivity Limit Locally using Local Security Policy

Run secpol.msc to Open Local Security Policy.

cmd

Expand Local Policies in the left pane and click on Security Options to open the policies on the right pane.

LSP

Scroll down the Policies and click Interactive logon: Machine inactivity limit policy to open its properties.

interactive

Enter a number in the box “Machine will be locked after” for how many seconds of inactivity you can allow before automatically locking your computer. The default is 0 seconds to not automatically lock the computer.

interactive2

Close the Local Security Policy window and restart the computer to apply the configuration.

2. Configure Windows Device Inactivity Limit Locally using Registry Editor

Run regedit.exe to Open Registry Editor and navigate to this registry key location.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
registry

In the right pane double click inactivitytimeoutsecs DWORD to modify it.

inactivity

Inside the Value data box enter the inactivity timeout in seconds and click OK. Close the Registry Editor and restart the computer to apply the configuration.

DWORD

Please see How to configure user resource limits and restrictions in Linux, how to Prevent users from saving RDP Credentials on Windows 11, and “Automatically Log Out After a Period of Inactivity on Mac“.

3. Automatically lock your inactive computers in a domain Using GPO

We shall be using GPO to Configure Windows Device Inactivity Limit Locally and Domain Wide.

Open your Domain Controller and launch the Server Manager. Click on Tools tab and select Group Policy Management. Or you can run gpmc.msc to Open Group Policy Management.

GPM

After opening the Group Policy Management then you can create a new group policy. Right-click Group Policy Objects and click New.

GPO

Enter a name for the new group policy. I will use “TechDirectDeviceInactivity” for our GPO.

new GPO

Right-click on the new Group Policy Object created and select the edit option.

GPM2

On the Group Policy Management Editor screen, expand the Computer Configuration and locate the following.

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
securityoption

On the right pane for policy, double-click on Interactive logon: Machine inactivity limit.

GPM Editor

Check the box Define this policy setting and enter the desired amount of inactive time in seconds.

security setting

Click OK and close the Group Policy Management.

Also, see how to Enable Time Limit to Disconnect Remote Desktop After Inactivity, and how to create a Dev Drive on Windows 11.

On the Group policy management right-click the domain and select the option to link the newly created Group Policy object.

link GPO

Link the new Group Policy object created to the selected domain and click OK.

select GPO

After configuring and applying the GPO you need to wait some minutes for the GPO to replicate to other domain controllers and workstations.

But if you want the GPO to propagate immediately then you can run “gpupdate /force” on a specific workstation.

I hope you found this blog post on how to Configure Windows Device Inactivity Limit Locally and Domain Wide Interesting and helpful. If you have any questions do not hesitate to ask in the comment section.

5/5 - (1 vote)
Windows, Windows Server Tags:, , , , , , ,

Related Posts

More Related Articles

screenshot 2020 03 15 at 00.43.16 How to permit and run only certain apps in windows Windows
How to Block IP Addresses Using Group Policy (GPO) in Active Directory Block IP Addresses Using Group Policy (GPO) in Active Directory Network | Monitoring
WonderFox HD Video Converter Factory Pro Video Conversion Desktop Software for Windows Windows
banner How to Disable Touchpad on Windows 11 Windows
WhatsApp Image 2022 02 20 at 4 How to use Postman for your POST Request Web Server
Featured post. How to fix The Group Policy settings for BitLocker startup options are in conflict and cannot be applied Security | Vulnerability Scans and Assessment

Leave a Reply