Microsoft have a KB article that suggests a method to do this, but it’s not the best solution. It uses a screen saver as the timing mechanism, and starts a count-down timer in the background. If the user returns to the computer, they need to click a ‘cancel’ button that appears to stop them from being booted out. Not a very good user experience.
We couldn't find anything that did what we wanted. Something that would sit in the background, unobtrusively, and just log a user out after a predetermined amount of time. Oh, and it would be nice to control that amount of time if needed rather easily. Oh, and it would also be nice to disable the auto-logout completely if needed. And if its not asking too much, we want to be able to manage all this centrally.
So putting the screen saver idea aside, it sounded like it was time to develop a small app to do what we needed to. Lithnet.IdleLogoff was born…
As you can see, it is a really simple app, with only a few options for either enabling or disabling the agent and then setting the idle period. The app simply queries the relevant Windows API for the time since the user last interacted with the computer, and calls the logoff function after the specified period has elapsed. The power of this application comes from the fact you can either configure it locally, or manage it centrally via group policy.
The ADMX files are included as a separate download package (see below), just add them to your group policy management console to access the settings. If you enable the setting, then the agent will be activated and log users off at the time you specify. If you disable the setting, then the agent will be disabled and will not log users off automatically. If you leave it as ‘not configured’, then whatever the local administrator of the PC has manually configured will take effect. Group policy will always override whatever you set locally.
To get started with the tool, install it and navigate to %ProgramFiles%\Lithnet\Lithnet.IdleLogoff, and run lithnet.idlelogoff.exe. This will launch the GUI to allow you to enable the agent, and configure the idle timeout. Alternatively, if you are configuring via group policy, then no further action is needed. Log off the workstation, and the next user to login will be subject to your idle logoff policy.
That’s it! No screen savers, message boxes, countdowns, beeps or other annoyances. Unobtrusive, simple, and centrally managed – my three requirements for anything that interacts with our managed desktops.
Download the latest version
Download the group policy extensions
|29/1/2012||1.0.4411 Initial release|