cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

SEM - Monitoring user not locking their screen when inactive

Hello guys,

Before sending everyone working remotely at home, I used to take a walk from time to time around the building to see if unattended computers were locked.

Now that we are all at home, I am hoping the employees are still keeping that good habit of locking their screen when leaving their computers, and i was wondering if someone here perhaps had an hindsight on if I could have that kind of monitoring done with SEM.

Thank you !

0 Kudos
2 Replies
Level 8

I will set a GPO to auto lock screen after Idle item was this would prevent this.

https://community.spiceworks.com/topic/1416384-gpo-to-lock-the-computer-after-10-minutes-of-inactivi...

that would be more affective. 

Once they connect to VPN the gpo will be applied if there are domain controlled computers.

0 Kudos
Level 16

You could try something like this.

Those events are logged at machine locally in case auditing is enabled (Computer Configuration-Windows Settings-Security Settings-Advanced Audit Policies-Logon/Logoff-Audit Other Logon/Logoff Events). you can remotely check Security logs for event id  4800 (locked)  4801 (unlocked)

Powershell
get-eventlog -newest 1 -LogName Security -computername <ServerName> | where {$_.eventID -eq 4800}
0 Kudos