Machine Inactivity Timeout (DISA-STIG)

Quick access (integrated, without a manual registry) to the following setting would be helpful (It is a DISA-STIG requirement):

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Value Name: InactivityTimeoutSecs
Value Type: REG_DWORD
Default Value: 0x00000384 (900) (or less)
 

Necrosaro

Active Member
Quick access (integrated, without a manual registry) to the following setting would be helpful (It is a DISA-STIG requirement):

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Value Name: InactivityTimeoutSecs
Value Type: REG_DWORD
Default Value: 0x00000384 (900) (or less)
If you don't mind me asking what would this do for extending the timeout. Does it just delay timeout tasks that only happen when in idle for awhile?
 

garlin

Moderator
Staff member
This for organizations that require a mandatory idle lockscreen, for protecting your desktop when you walk away.
My former company had this enforced by domain GPO.
 

Necrosaro

Active Member
This for organizations that require a mandatory idle lockscreen, for protecting your desktop when you walk away.
My former company had this enforced by domain GPO.
Ahh so no need to do anything to it for the majority of people. Thanks
 

garlin

Moderator
Staff member
Ahh so no need to do anything to it for the majority of people. Thanks
Unless you have obnoxious friends.

My former company had a domain rule which managed the idle timeout. We had a work game, where if someone found your unlocked desktop, your Outlook would send a team email promising to buy donuts for the next meeting.

So many donuts...
 
In UNIX shops, if you leave a unlocked terminal with an active SUDO cookie or root shell visible, instead of filing CyberSecurity incident report, a "friend" may simply write on the current terminal:

# # rm -rf / # lock your terminal next time

Just hope you don't press the enter key when you return and wake your terminal from ACPI Sleep mode >:}

But yes, the Microsoft default is 900 (15 minutes), but DISA-STIGS requires not be more and should be substantially less.
 
Top