Jamie- I think the challenge with this approach is that its not clear to me that Task Scheduler's notion of "Idle" is equivalent to, say, keyboard idle. I think Task Scheduler, like other Windows components such as Offline Files synchronization, consider idle to be a low level of system workload. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Wednesday, February 20, 2008 12:37 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Safe way to change local admin password? You could get really creative here using a scheduled task I think. Have the scheduled task set to run every minute or so, but enable the "only start the task if the computer has been idle for at least xx minutes" checkbox and set that to 120 (2 hours). Have the task actually run the following command: shutdown -l -f -t 00 I would definitely test this out before you try to implement, but it should work in theory. Even if there is no user logged on and the system has been idle for 2 hours I wouldn't think it would cause any problems. The task may run unnecessarily but that's probably a small price pay if it actually does what you want it to. And you could actually get around that aspect too by having a script check if there is a logged on user before executing the command. The only issue would be distributing the task to all of your systems. If you have PolicyMaker (or wait for Server 2008 Group Policy Preferences) you can do this pretty easily within a GPO. Otherwise you would have to script out the creation of the task itself, which can be tricky sometimes. Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | <http://www.integrisok.com/> http://www.integrisok.com From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Wednesday, February 20, 2008 11:09 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Safe way to change local admin password? Mary- Not natively in GP. Winexit.scr would have been my suggestion but if you can't use it, then you may have to look at 3rd party solutions. I haven't looked for these in a long time so maybe others have some suggestions. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Collingwood.Mary Sent: Wednesday, February 20, 2008 9:04 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Safe way to change local admin password? Hello List, I am looking for a way to logoff users who have been logged in for over 2 hours with no activity. We have corporate screensavers that incorporate messages to the employees. From what I've read of winexit.scr it is a replacement of a regular screensaver so I can not use it. Is there a way I can do this with group policy? Mary Collingwood Client Device Integration _____ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). _____ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).