Unattended Windows devices that are active with a user that is still logged in can create opportunities for unauthorized access to information and misuse of accounts. As an IT Admin, you can remotely apply a policy to lock one inactive device or your entire fleet of devices in your organization.
JumpCloud’s Lock Screen Policy automatically locks the screen and turns on the screen saver if a managed device is inactive for a specified period of time. The policy requires the user to enter the device password to unlock the screen. JumpCloud also provides a Lock Screen Policy for Linux and Mac devices.
The Lock Screen Policy can lock an inactive device only after mandatory OS processes have completed. There are other settings the user can specify to activate the screensaver with an interval of time that differs from your policy.
- If you’re experiencing delays with the Lock Screen Policy, request that all users to log out and back in to all devices.
- When you apply the Lock Screen Policy to devices for the first time, all users are required to log out and back in before the policy takes effect.
- When you modify the Timeout value, all users are required to log out and back in before the policy changes take effect.
- When you uninstall the Lock Screen Policy, it immediately stops being enforced.
- If you uninstall and then reinstall the Lock Screen Policy, it’s immediately enforced. However, the Timeout value in the uninstalled policy is the one JumpCloud uses. To reset the old value to the value in the newly reinstalled policy, all users are required to log out and back in.
- Many settings affect screen locking, including the following:
- JumpCloud Lock Screen Policy Timeout
- Screen Saver Settings
- Power and Sleep Settings
The shortest setting is the one that takes effect first.
Create a Lock Screen Policy for Windows Devices
Create a Lock Screen policy to apply to devices and groups.
To create a Windows Lock Screen policy
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- Click (+) and select the Windows tab.
- Locate the Lock Screen Policy and click configure.
- On the New Policy panel, enter a new name for the policy or keep the default. Policy names must be unique.
- Under Settings, enter the number of seconds before the screensaver is launched and password is required in Timeout (seconds).
- (Optional) Click the Device Groups tab and select one or more device groups that will use this policy.
For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Click the Devices tab and select one or more devices that will use this policy.
- Click save.
- Users must log out and back in to all devices where this policy was applied for it to take effect.