Loading...
 
Skip to main content

DRAFT

You can always lock your PC manually when you walk away from it to prevent somebody snooping on your user’s screen, by just pressing the Win + L keys together (or Command+Control+Q for macOS). You can also use the Local Security Policy with an Administrator account to set the exact time in seconds of inactivity after which your PC will lock itself automatically in case you forget to lock it manually.

To do this, you can choose between two approaches:

Changing the Security options:

  1. Type Local Security Policy in Windows Search and press the Enter key or press the Win + R keys together to open the Run box and type secpol.msc
  2. In the left pane, click the down arrow next to "Local Policies" to expand it.
  3. Double-click on Security Options
  4. For Windows 10: Double-click the section "Machine will be locked after". For Windows 11: Double-click "Interactive Login: Machine inactivity limit".
  5. Decide the timeout to apply in seconds
  6. Click Apply and OK.
  7. Reboot your computer

Or 

Changing the Group Policy Objects

  1. Open the local policies, by running the “gpedit” command
  2. Browse to User Configuration, Administrative templates, Control Panel, Personalization
    1. Double click “Enable screen saver”, and choose Enabled, click OK
    2. Double click “Password protect the screen saver”,  and choose Enabled, click OK
    3. Double click “Screen saver timeout”, type the number of seconds to wait to enable the screen saver, click OK
  3. Reboot your computer

 

Now, your PC will lock itself after the specified period of inactivity. If someone tries to unlock your PC while you're away, they will need to enter your password.

If you want to reverse this setting and disable automatic locking, follow these instructions again and set the time in seconds to 0. This will revert to the default setting, which does not automatically lock your PC.

You may need to seek additional security, if you are using Bitlocker. Because when your computer enters sleep mode, attackers may find your BitLocker password in memory, so it is advised to replace “standby mode” with “hibernation”.

The following change activates hibernation settings. If you have enabled password protection with  BitLocker, then when your computer resumes from hibernation, it will ask you for your BitLocker password. 

During "hibernation" your computer will save all its memory content to the drive. This is fast on a Solid-State Drive (SSD) but could take some time on a spinning hard drive (HDD). The larger the memory the more space will be needed on the drive. If your computer takes too long to hibernate, you may consider extending the timeout delay chosen or just reverting the settings below. Not all people may feel concerned about this extra step, but those living in a sensitive country probably should.

 

This step will add the “Hibernate” option to the Power Options menu (when you click Start\Power to shut down your computer).

  • Open Gpedit
  • Browse to Computer Configuration\Administrative Templates
  • Click on “Windows Components”, click on “File Explorer”
  • In the right pane double-click “Show hibernate in the power options menu”
  • Click “Enabled” and OK

The following important changes disable the standby state

  • Browse to Computer Configuration\Administrative Template
  • Double-click “System” then “Power Management” then “Sleep Settings”
  • In the right pane:
    • Double-click “Allow standby states (S1-S3) when sleeping (plugged in)”
    • Choose “Disabled”, click “OK”
    • Double-click “Allow standby states (S1-S3) when sleeping (on battery)”
    • Choose “Disabled”, click “OK”

 

The following changes are optional but advised.

You may want to force your computer to enter hibernate state after a certain period of inactivity. You must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate, 600 seconds for example. Normally when your computer resumes from hibernation (after the idle time has elapsed) it will ask you for your BitLocker password and after that it will ask you for your Windows password. If you want to do to this, in the same pane as above:

  • Double-click “Specify the system hibernate timeout (on battery)”
  • Choose “Enabled”
  • Change the “System Hibernate Timeout” from 1 to the desired value in seconds
  • Click “OK
  • Double-click “Specify the system hibernate timeout (plugged in)”
  • Choose “Enabled”
  • Change the “System Hibernate Timeout” from 1 to the desired value in seconds
  • Click “OK”

 

Please note that if you activate that setting, your computer may hibernate as you are doing a presentation. To avoid this problem, use the Presentation Mode in Windows when needed (type in “presentation” in the search box, and select “adjust settings before giving a presentation” and select “I am currently giving a presentation” to temporarily activate this mode).

Now close the “Local Group Policy Editor” window and restart your computer.

 

You might like to view this video

Security Best Practices 

 

 

Contributors to this page: admin .
Page last modified on Tuesday March 4, 2025 11:16:02 GMT-0000 by admin.
Show PHP error messages