With the entry into force of the GDPR, is born the necessity to block the screens of users’ PCs automatically if they did not use it for 15 minutes (possible coffee / cigarette break ). There is the possibility to set the screen saver to all the computers within a domain, but we must pay particular attention to all the settings to be set correctly within our domain controller, and in case it does not work the first time, we have collected a couple of possible solutions to solve the problem.
First of all let’s go under GROUP POLICY -> USER CONFIGURATION -> ADMINISTRATIVE TEMPLATES -> CONTROL PANEL -> CUSTOMIZATION and we activate the first user policy ABILITA SCREEN SAVER.
As far as needs are concerned, it is necessary, as indicated in the description, to set other planned policies:
Then you have to set the specific screen saver through the SET SPECIFIC SCREEN SAVER policy. It’s enough the name of the screen saver you want to use followed by the extension if it is in the default path: % Systemroot%\System32. Otherwise you will have to indicate the entire path followed by the name and extension of our file. It is important to remember that the same screen saver chosen must also be present on the local computer.
The last policy required will be TIME SCREEN SAVER. It is possible to set after how much inactivity you want to make it appear.
It is possible to prevent the user from modifying the screen saver through the BLOCK MODIFICATION OF THE SCREEN SAVER policy:
and protect the reactivation from the screen saver with a password with the PROTECT SCREEN SAVER WITH PASSWORD policy
In this last case it is necessary that the user is allowed to lock the computer and then we have to check under USER CONFIGURATION -> ADMINISTRATIVE TEMPLATES -> SYSTEM -> OPTIONS CTRL + ALT + DEL, that the policy is not enabled REMOVE BLOCK THE COMPUTER.
SOLUTIONS TO POSSIBLE PROBLEMS
- Try using another screen saver
- Check the path of the screen saver and check if it is present on the local PCs
- Remember that it takes some time for the policy to be set. In case you do not want to wait, force the update of the policy through the command: gpupdate /force
- Force inactivity timer by setting a time by going to COMPUTER CONFIGURATION -> WINDOWS SETTINGS -> SECURITY SETTINGS -> LOCAL POLICIES -> SECURITY OPTIONS -> INTERACTIVE ACCESS: ACTIVITY LIMIT OF THE COMPUTER
- Check that there are no processes that start automatically when the PC starts, which prevent the activation of the screen saver
- Setting the screen saver from local and not from domain, I would say that it is absolutely not the best option especially on a large domain. Can you imagine going over 500 computers to set the screen saver? I do not even want to think about it …
IMMAGINE : LINK