You might be working towards your VCP or VCAP exam in your lab and often in the Windows VMs the lock screen is in the middle asking you to CTRL + Del + Enter AND the also to type the domain admin password. In Windows based OSs like Windows Server 2012 or Windows 8 It's quite annoying to hit CTRL + Alt + Del and then type the admin password all the time after a certain time of not using the server/workstation. That's why I'll show you How To Disable Lock Screen in Windows whether it's Server OS (Windows Server 2012/2012R2) or Client OS (Windows 8/Windows 8.1).
All those system's default settings when joined to a domain inherit the default domain policy. This domain policy can be changed OR you can create a new GPO and link it to the domain (preffered in prod).
When you jump from server to server and each time you have to hit the CTRL + Alt + Delete and then type the admin password, very fast you'll want to find a solution on how to disable that. For standalone systems (not joined to an AD domain) you'll have to however do it manually. If you homelabbing and having between 20-30 VMs running depending on what are you testing, than it's handy to deactivate the option. That's why How To Disable Lock Screen in Windows article.
Usually you will want to do it on for example when working with:
- Training kits
- Lab or demo environments
- POC concepts
It's NOT a good idea of doing it on production environment…
There are two (three) ways of doing it. If you have only single server or just two servers you can probably try this simple method, but if you have an AD with several servers, and adding/deleting new VMs every day than you would probably want to use a GPO and activate it at the domain level, right? I'll show you both ways and additionally, a way to do it via registry on older OS.
How To Disable Lock Screen in Windows – Single Server Option
You can do this (and it's just few clicks) on single machine, but as I'm being lazy and don't want to do it each time I create and add new VM to a domain. The solution for standlone machines or just a few VMs:
Open Control Panel > Power Options > Change Plan Settings > Turn off the display > Set to Never
Multiple Server Option (via GPO)
There is two options to activate via GPO. You can create a new GPO and linked it to the OU you like or you can change the default domain GPO (not recommended in production environments..).
First open your GPMC console and locate the policy at Computer Configuration > Policies > Administrative Templates > Control Panel > Personalization > Do not display the lock screen.
Then you can edit and enable the policy..
And the second thing which is necessary to do is to apply the create new powerplan.
To do that you just go to Computer Configuration > Preferences > Control Panel Settings > Power Options> Power Plan (at least Windows 7).
And set those options here…(you can also check other options too).
So the GPO in details should looks like this:
If you don't want to wait until the default interval applies the new settings on your Active Directory domain you can force the application immediately. This will apply the computer policy and user policy objects which depends on that policy.
Note: that we have modified the default AD policy. If you don't want to touch the default domain policy you can always create a new GPO and apply it at the top (domain level).
To apply this policy to the domain controler just open command prompt and refresh your domain policy with this command:
gpupdate /force
For the client computers/server you'll need to reboot to apply the GPO from your DC, or you need to individually login and do an “gpupdate /force” to each one of those. If you have just a bunch of Windows LAB VMs you can perhaps just reboot them.
There might be a way with psexec to remote refresh the GPO, but it's outside the scope of this post.
From now on when you add a new Windows server or Desktop to your lab environment, there will be no need to do the CTRL + Alt + Delete again, except only the first time after reboot… (and every time when you shut down the system of course…)
Update: It seems that the plan IS working. In my testing however I did a beginner mistake not having the computer in the right OU (to which I was applying the group policy).. Ooops..-:). Oh well, it happens. Sorry about that. But this is working and when you logs in to the client computer you can see that the properties of the powerscheme are managed by system administrator.
The client computer has this policy now and the “fullspeed” power scheme created via the preferences. .
Hello, did you try this :
http://www.askvg.com/how-to-disable-lock-screen-in-windows-8/
I did not, but perhaps it helps
Michel
That works for standalone PCs/servers. But not in AD environment where the GPO propagates onto all the AD objects. Nice try.. -:)
And why not use AD loopback policies in this case ?
I have to use them on TS Servers to limit the reach of User Policy Settings.
Michel
You gave me an idea… -:) Thanks.