I have a workstation connected to a domain. A user logs on the machine with low privileges (currently running a local user in Kiosk mode). Due to the nature of the application this user has access to, it is necessary for the user to auto logon when the machine is turned on and for the screensaver not to appear or lockout the user after a set period of inactivity. However, there may be times when i need to logon to this machine with a user who has high privileges, such as local or domain admin. When this type of user logs on, i want the screen to lock after a period of inactivity. How can i achieve this?
Asked
Active
Viewed 28 times
-1
Greg Askew
- 35,880
- 5
- 54
- 82
Brosec10
- 1
- 1
-
1Domain Admins should never logon to those types of devices. Why would you do that? Also local user accounts do not apply the per user Group Policy needed to specify the lock screen screensaver. It seems like the hack around you need is a logon script that only admins have permission to execute, that sets the corresponding registry values for the lock screen screensaver. https://support.microsoft.com/en-au/topic/how-to-change-the-logon-screen-saver-in-windows-ab28d230-ffb9-65f8-74a9-c26c5e00ec73 – Greg Askew Aug 05 '23 at 16:18
-
The chances are that I wouldn’t, but I wanted to word the question in a way that would give me the answer I was looking for. Let’s say hypothetically speaking that someone did login as admin. If I created a script to trigger on login of the admin user, would the change to the registry take effect straight away, or would the Lock Screen still not kick in until the machine had been restarted or the user had logged back out and back in again? – Brosec10 Aug 05 '23 at 22:28