Announcement

Collapse
No announcement yet.

user gets Idle locked after 5 min

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • user gets Idle locked after 5 min

    hello,

    I have a problem with a user that get's an Idle lock every 5 min.
    her are some details about the server:
    * server 2008 datacenter ver 6.0 (build 6002: sp2)
    * 5 users login through RDP
    * active directory with an OU for those 5 users
    * i created a special GPO for that OU

    i've been searching all over to find out why only that specific user gets Idle locked from his session after 5 min - and i came out with nothing...(filtering the GPO's, user properties, AD all over and NADA).

    i'll be glad for some help\advise from this forum

    thanks
    Roy

  • #2
    Re: user gets Idle locked after 5 min

    This is controlled by the Screensaver settings in Control Panel - Display, have you looked at that?

    Comment


    • #3
      Re: user gets Idle locked after 5 min

      There are a few settings that could be causing this disconnect and a few places to look.

      First, on the user that is having the issue, run:
      Code:
      gpresult /H results.html && results.html && ping 1.1.1.1 -n 2 & del results.html
      Look through the settings and see if there are any restrictions set on the session time limits.

      The other place to look is in ADUC, on the user's properties -> Sessions tab.
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com

      Comment


      • #4
        Re: user gets Idle locked after 5 min

        I've seen this happen for a few different reasons, mainly there is an active RDP/Citrix session active when the password has expired and been changed.
        If that's the case find which RDP server has the active session for this user and end it.

        Other times i've seen it where a mapped drive was done by providing alternate credentials, then the password changed.

        Another time was something to do with windows updates which was strange but a system restore fixed it.

        This is a handy free tool that has helped me before.
        http://www.netwrix.com/account_lockout_examiner.html

        Also lockoutstatus is worth a look.
        http://www.microsoft.com/en-gb/downl....aspx?id=15201
        Please remember to award reputation points if you have received good advice.
        I do tend to think 'outside the box' so others may not always share the same views.

        MCITP -W7,
        MCSA+Messaging, CCENT, ICND2 slowly getting around to.

        Comment


        • #5
          Re: user gets Idle locked after 5 min

          enderadm you were right
          i'd never thought of it after setting up the GPO.

          It almost cost me a "big client" - thank you from the bottom of my heart.

          Comment


          • #6
            Re: user gets Idle locked after 5 min

            well unfortunately it came back.....although the "screen saver" solution helped but lasted two weeks only

            i'll be glad to hear more ideas from anyone

            thanks

            Comment


            • #7
              Re: user gets Idle locked after 5 min

              Please check my above post and post back with any questions.

              Screensaver settings don't apply to RDP sessions, BTW.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: user gets Idle locked after 5 min

                Originally posted by JeremyW View Post
                Please check my above post and post back with any questions.

                Screensaver settings don't apply to RDP sessions, BTW.


                jeremy thanks for answering, but how can i check your code on a specific user (lets say - user5) ? it seems to be checking the administrator only...

                Comment


                • #9
                  Re: user gets Idle locked after 5 min

                  I was assuming that you would run this as the user with the issues.

                  If you want to check from the server, open Group Policy Management, expand the forest, right-click the Group Policy Results folder and select Group Policy Results wizard. You can then run it against the computer and user that is having the issue.
                  Regards,
                  Jeremy

                  Network Consultant/Engineer
                  Baltimore - Washington area and beyond
                  www.gma-cpa.com

                  Comment


                  • #10
                    Re: user gets Idle locked after 5 min

                    Originally posted by JeremyW View Post
                    I was assuming that you would run this as the user with the issues.

                    If you want to check from the server, open Group Policy Management, expand the forest, right-click the Group Policy Results folder and select Group Policy Results wizard. You can then run it against the computer and user that is having the issue.

                    Hi Jeremy,
                    I've tried the GP result and found nothing about locking out the account after 5 min.
                    not in the specific user settings or computer settings.

                    it's driving me crazy !?!?!?!?

                    Comment


                    • #11
                      Re: user gets Idle locked after 5 min

                      guys...I really need help here.
                      if you could think of something please advise me

                      Comment


                      • #12
                        Re: user gets Idle locked after 5 min

                        Originally posted by dsafe View Post
                        guys...I really need help here.
                        if you could think of something please advise me
                        No need to shout...

                        As you know, the board is run by volunteers, so if someone had been able to help more, they would have when they had time available.

                        Have you checked local computer policy? (probably a vain hope)

                        Have you deleted the users profile?

                        Have you considered deleting the user account and giving them a new one?

                        If all fails, consider raising it with Microsoft PSS (will co$t, but they will work with you until you have a definite solution)
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment


                        • #13
                          Re: user gets Idle locked after 5 min

                          With a user logon script you might find where the 'session lock' ("Secure Screen Saver") is configured.
                          1. This is the script (batch file), place it in \\domain.local\SYSVOL\domain.local\scripts
                            Code:
                            :: Determine IF "ScreenSaverIsSecure"
                            
                            @Echo off
                            Set "HV=HKEY_CURRENT_USER"
                            Set "GP=Software\Policies\Microsoft\Windows\Control Panel\Desktop"
                            Set "PP=Control Panel\Desktop"
                            
                            If /i "%USERNAME%" EQU "RemS"  (
                               echo.%date% - %time%,    user: %username% / server: %computername%
                               echo.%HV%\%PP%
                               REG.exe QUERY "%HV%\%PP%" /f  "ScreenSav" | findstr /vrc:"^$" /vic:"^%HV%"
                               echo.%HV%\%GP%
                               REG.exe QUERY "%HV%\%GP%" /f  "ScreenSav" | findstr /vrc:"^$" /vic:"^%HV%"
                               echo\- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                               ) >> "\\servername\sharename\Idle_lock.txt" 2>&1
                          2. In the script change the blue colored user name (RemS) to the specific user's samaccount name.

                          3. Create a shared folder on a file server (\\servername\sharename).
                            -> Share Permissions: Everyone = Full Control
                            -> NTF permissions: Authenticated Users = Modify

                          4. In the script change the blue colored \\servername\sharename to the actual path of the share.

                          5. Create or edit a GPO linked to the terminal servers OU.
                            -> GPO status: Enabled (all settings are enabled)
                            -> Enable the Loopback Policy
                            -> Configure a logon script under User Configuration. Point to the just created script in \\domain.local\SYSVOL\domain.local\scripts

                          The next time after the user was logged-on , view the created file "Idle_lock.txt" in the share.

                          /Rems
                          Last edited by Rems; 27th January 2014, 23:30.

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment

                          Working...
                          X