Microsoft KB Archive/262646

= How to Lock a Workstation from the Command Line =

PSS ID Number: 262646

Article Last Modified on 10/15/2002

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional
 * Microsoft Windows NT Server 4.0
 * Microsoft Windows NT Workstation 4.0

-



This article was previously published under Q262646



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
This article describes how to lock a Windows 2000-based workstation from the command line. This article also describes a similar solution that requires additional configuration for Microsoft Windows NT 4.0.



Windows 2000
As stated in the following Microsoft Knowledge Base article, if you start a screen saver manually from the command-line by using only the screen saver's file name, the screen saver does not require a password and the workstation is not locked:

228160 Screen Saver Is Not Password Protected If Started Manually

To lock a workstation programmatically, you can use the Win32 LockWorkStation function. You can call this function from the command line by using the Run32dll interface. To lock a workstation from the command line, use the following command:

rundll32 user32.dll,LockWorkStation

Note that this command is white space sensitive and case sensitive. This call was introduced in Windows 2000 and is not supported in earlier versions of Windows.

Windows NT 4.0
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

There is no solution to lock a Windows NT 4.0-based workstation from the command line. You can, however, achieve a similar effect with some additional configuration.

In Windows NT 4.0, you can use the SendMessage call to send a SC_SCREENSAVE message to the topmost window, which locks the workstation if the current user has a screen saver configured and the screen saver is configured to require a password.

To ensure that a screen saver is configured, you can create registry entries. Run a registry (.reg) file that adds the following entries from the command line:

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive = 1

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure = 1

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeout =

HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE = %SystemRoot%\System32\

Some screen savers require additional parameters in the following registry key as well:

'''HKEY_CURRENT_USER\Control Panel\Screen Saver. '''

After you create these registry entries, the following call invokes the screen saver:

PostMessage(GetForegroundWindow,WM_SYSCOMMAND, SC_SCREENSAVE, 0);

You must write and compile a short program (.exe file) that contains this call. You can then call your program from the command line to activate the screen saver. Because the ScreenSaverIsSecure value in the registry has been set to 1, this has the effect of locking the workstation.

Keywords: kbenv kbinfo KB262646

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch kbWinNT400search kbWinNTS400 kbWinNTS400search kbWinNTsearch kbWinNTSsearch kbWinNTW400 kbWinNTW400search kbWinNTWsearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2003 Microsoft Corporation. All rights reserved.