Group policy - computer lockout

Zitta Stanislav 21 Reputation points
2021-02-04T15:27:50.263+00:00

Greetings Windows experts, Im trying to untangle effect of multiple GPO settings setting roughly similar behaviour. Our environment: Windows Serer 2019 DCs Windows 10 1909 Enterprise clients The settings that puzzle me are:
Power Plan
Turn off display after 30 minutes
Screen saver
Screensaver timeout: 3600 seconds
Password protect screensaver: Disabled
Enable Screensaver: True
Local policies/security options
Interactive logon: Machine inactivity limit: 7200 seconds
... to me, it looks like that all three groups (marked as bold) take care of the same settings, however, with different values. What takes precedence, what will be the result of all these 3 group policy settings?
Thank you in advance for the feedback, take care. SZ

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,839 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,276 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,306 Reputation points Microsoft Vendor
    2021-02-05T02:38:37.507+00:00

    Hi,

    The three policies are not for the same setting. But they do have a close connection.

    Turn off display: You can specify how long your PC is inactive before all your connected displays turn off. When your display turns off, you would just need to move the mouse, touch the touchpad or touchscreen, click a mouse or touchpad button, or press a key for the display to turn back on. Password not needed .

    Screen savertimeout : A screen saver is a moving picture or pattern that displays on the screen(s) of your PC after you have not been active on the PC for specified period of time to wait. It was used to force the computer screen to lock itself after the inactivity time you set . To login ,it requires password or not depends on the Password protect screensaver is Disabled or enabled.

    Interactive logon: Machine inactivity limit.(close to screen saver timeout setting)If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver (screen saver should be active on the destination machine).

    For your questions: what will be the result of all these 3 group policy settings
    The device locks not only when inactive time exceeds the inactivity limit, but also when the screensaver activates or when the display turns off because of power settings.
    The password is needed for both the 3 situations mentioned above.

    Best Regards,

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful