Windows Server How-To

How To Disable Windows Server's Auto Lock Feature

Windows Server 2012's most annoying feature can be bypassed -- just not in the way that you would expect.

I wanted to use one of my posts this month to write about what is, in my humble opinion, Windows Server 2012 R2's most annoying feature: the server's auto lock. For those who might not have spent a lot of time working with Windows Server 2012 R2, the operating system is configured by default to detect keyboard and mouse input. If the administrator is determined to be idle for too long, then the operating system is automatically locked. This means that the server will display a lock screen and will require the administrator to enter a password in order to go back to whatever they were doing.

I will be the first to admit that in some circumstances Windows Server's auto lock feature can improve security. If,for example, an administrator accidentally walks away from a server console without first logging out, the console will be automatically locked. Of course in production environments, administrators often rely on management tools that are installed on the desktop rather than logging directly into the server console, but I digress.

The problem with the auto lock feature is that it really tends to get in the way in certain situations. This is especially true of lab environments. Servers in lab environments tend to get much more hands-on use than production servers, and the automatic lock can be especially disruptive. There is nothing more annoying than to have to enter a password every time that you stop to check the documentation for the lab setup that you are building. This can be especially true when you are working on multiple servers at the same time.

I have run into similar issues while troubleshooting problems on production servers. The lock screen may, for example, engage while I am waiting for a PowerShell command to complete or waiting for an update to install.

Thankfully, there is a way to disable the auto lock mechanism. You can permanently disable this mechanism, or you can just adjust it to give yourself a bit more time before the console locks. Another option might be to disable the lock on a temporary basis. For instance, you might disable the auto lock mechanism for just long enough to troubleshoot a problem, and then re-enable the mechanism.

Before I show you how to disable the auto lock mechanism, I just want to quickly give Microsoft a suggestion. Auto lock isn't a bad idea, but it is disruptive. So how about a compromise? An optional transparent lock screen would be far less disruptive. That way, an administrator who is waiting for a patch to install or waiting for a utility to finish running can monitor the operation's progress without having to unlock the console every few minutes.

OK, so how can you disable the Windows Server auto lock feature? In the past, the lock was tied to the screen saver. A server's screen saver could be set to engage after a specific length of time, and the screen saver could be set to require a password. Although this type of locking mechanism has been around for many years, Microsoft used a completely different approach in Windows Server 2012 R2. In fact, the locking feature has nothing to do with the screen saver.

You can gain control over the Windows Server 2012 R2 lock screen by editing the group policy. To do so, open the Group Policy Object Editor and then navigate to Computer Configuration \ Policies \ Administrative Templates \ System \ Power Management \ Video and Display Settings, as shown in Figure 1. The setting that controls the lock is called Turn Off the Display (Plugged in).  To disable the lock, enable this setting and change the value of Turn Off the Display (Seconds) to 0, as shown in Figure 2.

[Click on image for larger view.] Figure 1. Navigate to Computer Configuration \ Policies \ Administrative Templates \ System \ Power Management \ Video and Display Settings.


[Click on image for larger view.] Figure 2. Enable the Turn Off the Display (Plugged in) setting and change its value to 0.

As a general rule, you should probably leave the lock screen enabled unless you have a compelling reason to disable it. After all, Microsoft did enable auto lock for a reason. Even so, there are situations in which auto lock can get in the way, so it's nice to know how to disable it when necessary.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.


comments powered by Disqus

Subscribe on YouTube