NOTE: Windows defines inactivity as the absence of user input.
To log a user off after a period of inactivity, we will use the screen saver functionality:
1. Create a %SystemRoot%\InActiveOff.cmd. file that only contains %SystemRoot%\System32\logoff.exe.
2. Insure that ordinary Users only have Read permissions on the %SystemRoot%\InActiveOff.cmd file and that the Administrators group and the local System account have Full Control. See How can I use Group Policy to set File System and/or Registry permissions?.
NOTE: for a non-domain environment, you could run the following InActiveOffPerms.bat File on each computer:
@echo off echo y| cacls %SystemRoot%\InActiveOff.cmd /g Administrators:F echo y| cacls %SystemRoot%\InActiveOff.cmd /e /g System:F echo y| cacls %SystemRoot%\InActiveOff.cmd /e /g Users:R4. Use local or domain group policy at User Configuration / Administrative Templates / Control Panel / Display to set:
Hide Screen Saver tab (to Enable) Activate screen saver (to Enable) Screen saver executable name (to %SystemRoot%\InActiveOff.cmd) Screen Saver timeout (to the number of seconds of inactivity before the user is logged off).NOTE: A user logoff and logon may be required.
0 comments
Hide comments
