Windows Tip Sheet
Lock Me Up!
Using the command-line task scheduler to lock up inactive desktops automatically.
- By Jeffery Hicks
I once had a client in the healthcare field. He was a one-man shop yet still needed to have a secure environment. One of his requests was that if a user’s desktop was inactive for 20 minutes, the Windows XP workstation would lock up. He could have used Group Policy and configure a password-protected screen saver, but for several reasons, he didn’t want a screen saver running. He needed to see that the workstation was locked.
To lock a workstation, all he needs to do is run this command:
In order to have this work, he'd need to schedule this command as a task on each desktop, to run when the computer idles for 20 minutes. The office was small enough that he could have gone to each workstation, kicked the user off, logged on as an administrator, created the job, logged off and let the user log back on. But that would take too much time. Instead, a better solution is to turn to the command-line task scheduler in Windows XP, called SCHTASKS.EXE. All he'd have to do now is run this command, substituting each desktop name:
schtasks /create /s DesktopName /TN LockDesktop /tr
/RU companydom\admin /RP AdminPassword /sc OnIdle /i 20
When he create a scheduled task remotely, he has to specify the credentials that will execute the task. Since he didn't know the user’s password, he couldn’t use their credentials. Instead, he'd used a domain account specified with the /RU and the appropriate password specified by the /RP switch. Once the command ran, which only took a matter of seconds, each machine had a new scheduled task called Lock Desktop, scheduled to run when the machine idled for 20 minutes.
As with many things Microsoft, there’s usually more than one way to do something. For this particular client, the command-line approach was exactly what he was seeking.
Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.