What about Windows 7?

Those of you who are familiar with this idle timer policy setting are probably screaming at the page right now, because you know that this particular setting is actually new starting with Windows 8 clients, and that it will not work on Windows 7 machines. While most settings that you configure via Group Policy will be able to successfully apply no matter what the endpoint operating system, there are some new features introduced with each new OS rollout, and as such there are specific settings crafted into Group Policy that are also new as of each new iteration of Windows. That is true of this machine inactivity limit policy. I chose a tricky one like this on purpose, to showcase that you always want to test, test, and test again whenever you create new policies. Make sure the new settings do what you want them to do on each kind of client machine that you have.

This option was available to click on and configure inside GPMC because we are running GPMC on a Server 2016 platform, which of course has the newer settings introduced by Windows 8 and Windows 10 clients. If we were to run GPMC on an older box, such as a 2008 Server, this setting would be missing.

When you plug newer settings into a GPO, settings that will only do something on Windows 8 and newer, for example, and then push that policy to something older, such as a Windows 7 workstation, the Win7 client simply ignores that setting. Windows 7 doesn't know what to do with the Machine inactivity limit setting, and so it laughs at you and ignores it.

Thankfully, there is a way to configure an idle timer on Windows 7 as well; it's just a little bit more complicated. You have to utilize a combination of four different settings to make it happen, but those settings are all sitting right alongside one another, so it's not too terrible to implement. Even though this is the Computer Configuration section of our chapter, we are going to jump over to User Configuration just for a minute so that you have the ammunition you need in order to roll this idle timer out to all of your workstations.

Back inside the Group Policy Management Editor, navigate to the following section:

User Configuration | Policies | Administrative Templates | Control Panel | Personalization

There are numerous settings available inside Personalization, and we are going to employ four of them in order to configure our idle time lockout to work on Windows 7 computers. You will need to Enable screen saver, Force specific screen saver (in order to tell it which one to run), set a Screen saver timeout (60 seconds), and Password protect the screen saver:

This combination of settings will force Windows 7 clients to flip on a screensaver after 60 seconds, or whatever you determine that idle interval to be, and to require the users to enter their password in order to come back to the desktop after the screensaver has been started. It is now obvious why Microsoft implemented the new policy setting for Windows 8 and newer clients; it's much easier to deploy!

Also note that you have the choice of implementing the Win8+ setting in one GPO and the Win7 settings in a different GPO, or you could put all of the settings together inside the same GPO and roll them out to all of your workstations. Either way would accomplish what you are looking for technically—the decision is yours as to what fits your GPO-filtering mentality better.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.15.22.202