This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 12%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
I think I've found a device configuration profiles bug.
Here's how to reproduce it:
After one of my Windows 10 devices (a VM guest I use to test with) picked up this setting, it started locking the screen after just 1 second of inactivity. I had to continually wiggle the mouse to keep it from locking the screen while I debugged the problem.
I found the problematic setting:
I went back to Endpoint Manager and disabled "Interactive Logon Machine Inactivity Limit". After the device picked up the new setting, the problem went away, and in gpedit.msc I could see that "Interactive logon: Machine inactivity limit" was now set to 0 seconds.
Seems like Endpoint Manager thinks the setting is a boolean, but gpedit.msc thinks the setting is an integer with units of seconds. I wonder if Endpoint Manager set the boolean value to 1, meaning Enabled, but the policy on the client computer interpreted it as 1 seconds.
This documentation thinks the setting is a boolean:
https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-LocalPoliciesSecurityOptions#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit
But this documentation thinks the setting is integer seconds:
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit
Curiously, a Dell laptop of mine also picked up this setting, but it did not start locking the screen after 1 second, even though in gpedit.msc I could see the setting was "1 second". Dunno why the problem wasn't happening on the Dell laptop. Maybe some other setting needs to be set a certain way to reproduce the bug. My Dell laptop is not configured exactly the same as the VM guest.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 67%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFO%3C/text%3E%3C/svg%3E)
Confirmed. I'm seeing this same issue in my own environment. I'd like to implement this but if I can't reliably apply it against my workstations, its going to hinder my ability to recommend placing all of these GPOs in a configuration profile. Can we get more attention on this to get these GPO items fixed? I have a number of policies I want to migrate over.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Matt Day ,Thanks for posting in our Q&A. Based on my test on the VM in lab. I get the same phenomenon as yours. I noticed you have reported this issue in uservoice as well:
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/42775955-bug-with-configuration-profile-that-sets-interacti
We can wait if we can get any update here. Meanwhile, I will try my best to feedback. If I can get any update on this. I will post back.
As this is a feature in preview which means still in testing phrase. as another option, We can consider another setting "Minutes of lock screen inactivity until screen saver activates" under Endpoint protection device configuration to set the maximum minutes of inactivity on the interactive desktop. In my test, I set it as 1 minute which means it will lock after 1 minutes without any user activity.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 11%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
We're experiencing the same issue - one HP Spectre x360 is experiencing immediate logoffs, but other laptops are not.
Please escalate the fix to make the Interactive Logon Machine Inactivity Limit setting an integer value rather than boolean!