我已经在许多Windows Server 2012 R2机器上build立了一个实验室。 该实验室具有Active Directory域(DFL:Windows Server 2012 R2,FFL:Windows Server 2012 R2),并且这些计算机已join域。
默认情况下,如果无人看pipe,这些Windows机器将自动locking。 我不希望机器自动locking。 由于这是一个孤立的实验室,所以我没有任何安全隐患,因为机器保持解锁状态。
我创build了一个组策略对象,它设置了许多configuration,并且机器仍然locking。 我已经validation了GPO已经应用到机器上了。
GPOconfiguration以下设置:
我已经做了几个小时的研究,但还没有find任何有效的方法。 是否有另一个设置来控制这种行为?
编辑:从gpresult / v输出:
C:\Windows\system32>gpresult /v Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0 c 2013 Microsoft Corporation. All rights reserved. Created on 9/24/2014 at 9:44:02 AM RSOP data for CONTOSO\user01 on SERVER01 : Logging Mode ---------------------------------------------------------------- OS Configuration: Member Server OS Version: 6.3.9600 Site Name: Default-First-Site-Name Roaming Profile: N/A Local Profile: C:\Users\user01 Connected over a slow link?: No COMPUTER SETTINGS ------------------ CN=SERVER01,OU=SPSSearch,OU=Projects,DC=CONTOSO,DC=NET Last time Group Policy was applied: 9/24/2014 at 9:03:08 AM Group Policy was applied from: DC01.CONTOSO.NET Group Policy slow link threshold: 500 kbps Domain Name: CONTOSO Domain Type: Windows 2008 or later Applied Group Policy Objects ----------------------------- Don't lock workstation Password Policy Default Domain Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization SERVER01$ Domain Computers Authentication authority asserted identity System Mandatory Level Resultant Set Of Policies for Computer --------------------------------------- Software Installations ---------------------- N/A Startup Scripts --------------- N/A Shutdown Scripts ---------------- N/A Account Policies ---------------- GPO: Password Policy Policy: MaximumPasswordAge Computer Setting: 4294967295 GPO: Password Policy Policy: MinimumPasswordAge Computer Setting: 30 GPO: Default Domain Policy Policy: LockoutBadCount Computer Setting: N/A GPO: Password Policy Policy: PasswordHistorySize Computer Setting: N/A GPO: Password Policy Policy: MinimumPasswordLength Computer Setting: N/A Audit Policy ------------ N/A User Rights ----------- N/A Security Options ---------------- GPO: Password Policy Policy: PasswordComplexity Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ClearTextPassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: ForceLogoffWhenHourExpire Computer Setting: Not Enabled GPO: Default Domain Policy Policy: RequireLogonToChangePassword Computer Setting: Not Enabled GPO: Default Domain Policy Policy: LSAAnonymousNameLookup Computer Setting: Not Enabled GPO: Don't lock workstation Policy: @wsecedit.dll,-59042 ValueName: MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect Computer Setting: -1 GPO: Default Domain Policy Policy: @wsecedit.dll,-59058 ValueName: MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash Computer Setting: 1 N/A Event Log Settings ------------------ N/A Restricted Groups ----------------- N/A System Services --------------- N/A Registry Settings ----------------- N/A File System Settings -------------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ N/A USER SETTINGS -------------- CN=SharePoint Setup Account,OU=SPSSearch,OU=Projects,DC=CONTOSO,DC=NET Last time Group Policy was applied: 9/24/2014 at 9:03:39 AM Group Policy was applied from: DC01.CONTOSO.NET Group Policy slow link threshold: 500 kbps Domain Name: CONTOSO Domain Type: Windows 2008 or later Applied Group Policy Objects ----------------------------- Don't lock workstation The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) The user is a part of the following security groups --------------------------------------------------- Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE CONSOLE LOGON NT AUTHORITY\Authenticated Users This Organization LOCAL Authentication authority asserted identity High Mandatory Level The user has the following security privileges ---------------------------------------------- Bypass traverse checking Manage auditing and security log Back up files and directories Restore files and directories Change the system time Shut down the system Force shutdown from a remote system Take ownership of files or other objects Debug programs Modify firmware environment values Profile system performance Profile single process Increase scheduling priority Load and unload device drivers Create a pagefile Adjust memory quotas for a process Remove computer from docking station Perform volume maintenance tasks Impersonate a client after authentication Create global objects Change the time zone Create symbolic links Increase a process working set Resultant Set Of Policies for User ----------------------------------- Software Installations ---------------------- N/A Logon Scripts ------------- N/A Logoff Scripts -------------- N/A Public Key Policies ------------------- N/A Administrative Templates ------------------------ GPO: Don't lock workstation Folder Id: Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume State: disabled GPO: Don't lock workstation Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure Value: 48, 0, 0, 0 State: Enabled GPO: Don't lock workstation Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive Value: 48, 0, 0, 0 State: Enabled GPO: Don't lock workstation Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut Value: 48, 0, 0, 0 State: Enabled Folder Redirection ------------------ N/A Internet Explorer Browser User Interface ---------------------------------------- N/A Internet Explorer Connection ---------------------------- N/A Internet Explorer URLs ---------------------- N/A Internet Explorer Security -------------------------- N/A Internet Explorer Programs -------------------------- N/A 关于通过@joeqwerty检查电源pipe理设置的build议,我使用以下设置创build了一个新的电源计划:
我将其设置为活动电源计划,并应用GPO。 25分钟后,机器不再自动locking。
这里是创build这个完整的步骤:
我修改了以前的计划,因为问题是使用KIOSKlocking,但我仍然希望省电。
关于通过@nucrash检查电源pipe理设置的build议,我使用以下设置创build了一个新的电源计划:
Additional Settings -> Require a Password -> On Battery: No Additional Settings -> Require a Password -> Plugged in : No
我将其设置为活动电源计划,并应用GPO。 机器不再自动locking。
这里是创build这个完整的步骤:
In Group Policy Management Editor, edit the target GPO Go to Computer Configuration\Preferences\Control Panel Settings\Power Options In the right pane, right click and select New -> Power Plan (At least Windows 7) In the Advanced settings tab, select the Create action Enter a new plan name (eg "Don't lock") Select Set as the active power plan Expand Additional Settings -> Require a Password on wakeup Change On battery to No Change Plugged in to No Click Apply, OK Apply the GPO to the target machine(s)