CMD Script to set locking timeout policy on Windows computers

TechZilica

3 years ago

&Tab;&Tab;<div data-elementor-type="wp-post" data-elementor-id="647" class="elementor elementor-647" data-elementor-post-type="post">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<section class="elementor-section elementor-top-section elementor-element elementor-element-3dc0ff1 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="3dc0ff1" data-element&lowbar;type="section">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<div class="elementor-container elementor-column-gap-default">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;<div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c0df8c8" data-id="c0df8c8" data-element&lowbar;type="column">&NewLine;&Tab;&Tab;&Tab;<div class="elementor-widget-wrap elementor-element-populated">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<div class="elementor-element elementor-element-fc8eaca elementor-widget elementor-widget-heading" data-id="fc8eaca" data-element&lowbar;type="widget" data-widget&lowbar;type="heading&period;default">&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-widget-container">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;<h2 class="elementor-heading-title elementor-size-default">Intro</h2>&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-element elementor-element-bcb0ae8 elementor-widget elementor-widget-text-editor" data-id="bcb0ae8" data-element&lowbar;type="widget" data-widget&lowbar;type="text-editor&period;default">&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-widget-container">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<p>Some time ago I was requested by a client to roll out a script so their computers are locked when left unattended, I can certainly understand the importance of this feature as having a computer used by an unauthorised third-party is potentially catastrophic&excl;</p><p>The security risks are endless and imagine if there isn&&num;8217&semi;t a timeout set at all&semi; the window of opportunity for unauthorised access is also potentially endless&period;</p><p><strong>This script is designed for a WorkGroup environment</strong>&period; <strong>If you have a domain environment, I suggest making these changes using GroupPolicy instead&period;</strong></p>&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-element elementor-element-13882e3 elementor-widget elementor-widget-heading" data-id="13882e3" data-element&lowbar;type="widget" data-widget&lowbar;type="heading&period;default">&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-widget-container">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;<h2 class="elementor-heading-title elementor-size-default">Method</h2>&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-element elementor-element-48c8804 elementor-widget elementor-widget-text-editor" data-id="48c8804" data-element&lowbar;type="widget" data-widget&lowbar;type="text-editor&period;default">&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-widget-container">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<p>We&&num;8217&semi;re going to firstly going to make some changes via the registry&semi; <span style="font-size&colon; 15px&semi; color&colon; var( --e-global-color-text )&semi; font-family&colon; var( --e-global-typography-text-font-family ), Sans-serif&semi;">These are CMD commands to be executed with administrator </span><span style="font-size&colon; 15px&semi; font-style&colon; normal&semi; font-weight&colon; 400&semi; color&colon; var( --e-global-color-text )&semi; font-family&colon; var( --e-global-typography-text-font-family ), Sans-serif&semi;">privileges</span></p><h3><b>Lock the computer when the screensaver is enabled&colon;</b></h3><blockquote><p>REG ADD &&num;8220&semi;HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop&&num;8221&semi; /v ScreenSaverIsSecure /t REG&lowbar;SZ /d 1</p></blockquote><h3><b> </b></h3><h3><b>Turn on the screensaver after 600 seconds of idleness&colon;</b></h3><blockquote><p>REG ADD &&num;8220&semi;HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop&&num;8221&semi; /v ScreenSaveTimeOut /t REG&lowbar;SZ /d 600</p></blockquote><p>Next, we are going to adjust the Windows power settings, so that the screen turns off shortly after the screensaver, to save power&period;<br />These commands are also to be ran in an administrative CMD prompt&colon;</p><p> </p><blockquote><p>powercfg -change -monitor-timeout-ac 11</p></blockquote><blockquote><p>powercfg -change -monitor-timeout-dc 11</p></blockquote>&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-element elementor-element-3aca081 elementor-widget elementor-widget-text-editor" data-id="3aca081" data-element&lowbar;type="widget" data-widget&lowbar;type="text-editor&period;default">&NewLine;&Tab;&Tab;&Tab;&Tab;<div class="elementor-widget-container">&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;<p>Thats it, now as long as all the computers have passwords set for their accounts, you&&num;8217&semi;ve reduced the attack surface of idle computers in the organisation&excl;</p>&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;</section>&NewLine;&Tab;&Tab;&Tab;&Tab;</div>&NewLine;&Tab;&Tab;