Lock Windows workstations after inactivity timeout

This article describes how to automatically lock workstations in Windows by implementing workstation locking policy. This will improve security by locking unattended workstations, when users walk away and leave sensitive information on their screen.

Follow these steps to setup automatic Windows workstation locking via Group Policy for your Active Directory, or for individual computers.

  • Go to Start menu – gpmc.msc, or just type: Group Policy in Start menu. Alternatively go to and edit Group Policy for you Active Directory
  • Navigate on the left side to: User Configuration – Administrative Templates – Control Panel – Personalization
  • Set the following policies to Enabled: Enable Screen Saver, Password protect the screen saver.
  • Set Screen Saver timeout value to: 300. This is a timeout in seconds. You can choose your own inactivity timeout here, after which their session will locked requiring them to re-enter the password.
  • Enable Force specific screen saver policy and copy the following value:
    rundll32 user32.dll,LockWorkStation
    This command will lock the workstation right away rather than showing an actual screensaver.
lock workstation via screensaver group policy

Once 5 minutes of inactivity passes, the users session will get locked.

If you install SoftActivity Monitor user activity monitoring (UAM) software, you will see user sessions in Attendance report that looks like this:

Employees attendance report in webapp

Export the report to PDF for more details. Setup daily email reports to get this report in email automatically.

November 19th, 2020