0

We are trying to decided between, the Computer vs User GPO Policies to force the screen to lock for our user workstations. Both seem to have the same overall effect of evoking the screen saver, effectively locking the users session.

enter image description here

Are there any advantages or disadvantages to either of these methods?

Interactive Logon: Machine inactivity limit Properties

Computer configuration polices
└──Policies
   └──Windows Settings
      └──Security Settings
         └──Local Polices
            └──Security Options
               └──Interactive Logon: Machine inactivity limit Properties

VS

Screen Saver Timeout

User Configuration
└──Administrative Templates
   └──Control Panel
      └──Personalization.  
         └──Screen saver timeout

enter image description here

Improve this question

1 Answer 1

Reset to default
0

I don't profess to be an expert on the subject but my summation of the two different settings is this:

Inactivity timeout: is a workstation security setting and will always require any user to authenticate after the set period of inactivity.

Screen Saver: is a user setting and users may have more aggressive timeouts based on their role/scope. Screen saver also does not force re-authentication unless the "Password protect the screen saver" is also enabled.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .