JSI Tip 9541. How do I log a user off the console (desktop) after a period of inactivity?

NOTE: Windows defines inactivity as the absence of user input.

To log a user off after a period of inactivity, we will use the screen saver functionality:

1. Create a %SystemRoot%\InActiveOff.cmd. file that only contains %SystemRoot%\System32\logoff.exe.

2. Insure that ordinary Users only have Read permissions on the %SystemRoot%\InActiveOff.cmd file and that the Administrators group and the local System account have Full Control. See How can I use Group Policy to set File System and/or Registry permissions?.

NOTE: for a non-domain environment, you could run the following InActiveOffPerms.bat File on each computer:

@echo off
echo y| cacls %SystemRoot%\InActiveOff.cmd /g Administrators:F
echo y| cacls %SystemRoot%\InActiveOff.cmd /e /g System:F
echo y| cacls %SystemRoot%\InActiveOff.cmd /e /g Users:R
4. Use local or domain group policy at User Configuration / Administrative Templates / Control Panel / Display to set:
Hide Screen Saver tab (to Enable)
Activate screen saver (to Enable)
Screen saver executable name (to %SystemRoot%\InActiveOff.cmd)
Screen Saver timeout (to the number of seconds of inactivity before the user is logged off).
NOTE: A user logoff and logon may be required.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish