Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

SEM - Monitoring user not locking their screen when inactive

Hello guys,

Before sending everyone working remotely at home, I used to take a walk from time to time around the building to see if unattended computers were locked.

Now that we are all at home, I am hoping the employees are still keeping that good habit of locking their screen when leaving their computers, and i was wondering if someone here perhaps had an hindsight on if I could have that kind of monitoring done with SEM.

Thank you !

0 Kudos
2 Replies
Level 8

I will set a GPO to auto lock screen after Idle item was this would prevent this.

that would be more affective. 

Once they connect to VPN the gpo will be applied if there are domain controlled computers.

0 Kudos
Level 16

You could try something like this.

Those events are logged at machine locally in case auditing is enabled (Computer Configuration-Windows Settings-Security Settings-Advanced Audit Policies-Logon/Logoff-Audit Other Logon/Logoff Events). you can remotely check Security logs for event id  4800 (locked)  4801 (unlocked)

get-eventlog -newest 1 -LogName Security -computername <ServerName> | where {$_.eventID -eq 4800}
0 Kudos