Set up GPO for Automatic Lock Screen
In order to increase security on users’ computers, we can set up a Group Policy Object (GPO) that enforces lock screen to be enabled and set to a specific amount of seconds. This GPO will disable the option for the user to change it in the Windows lock screen settings.
A GPO will apply to all users in the Organizational Units (OU) where it is created as well as all OUs in the levels below.
- Log into Server-DC2 and open up Group Policy Management.
- Right-click on the OU that you want to add the GPO to and select “Create a GPO in this domain…” and give it a name.
- Select the new GPO.
- Right-click on Computer Configuration and select Edit.
- In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
- Double-click “Interactive logon: Machine inactivity limit”.
- Check “Define this policy setting” and enter the time in seconds the text box. After this many seconds of inactivity, the computer will lock.
- Click Apply and OK.