On Error Resume Next<\/p>\nSet objShell = CreateObject(“Wscript.Shell”)\nobjShell.Run “%windir%\\System32\\rundll32.exe user32.dll,LockWorkStation”\n<\/PRE>\n
This works great for the local computer, but doesn\u2019t do you much good if you\u2019re trying to lock a remote computer; you can\u2019t specify a remote computer name when running Rundll32.exe. But that\u2019s OK: if this script only runs locally, then all we have to do is make sure it runs locally on the remote computer<\/I>. Can we do such a thing? You bet we can.<\/P>\n
First, save the preceding script – the one that actually locks the computer – as Lock_workstation.vbs and – for simplicity\u2019s sake – save it to C:\\Scripts. Next, create a second script – give it any name you want – and paste this code into it:<\/P>
Const OverwriteExisting = TRUE<\/p>\nSet objFSO = CreateObject(“Scripting.FileSystemObject”)\nobjFSO.CopyFile “C:\\Scripts\\lock_workstation.vbs”, _\n “\\\\atl-ws-01\\C$\\Scripts\\”, OverWriteExisting<\/p>\n
strComputer = “atl-ws-01”\nSet objWMIService = GetObject _\n(“winmgmts:\\\\” & strComputer & “\\root\\cimv2:Win32_Process”)<\/p>\n
Error = objWMIService.Create _\n (“cscript c:\\scripts\\lock_workstation.vbs”, null, null, _\n intProcessID)\n<\/PRE>\n
What does this code do? Well, to begin with, it copies our first script – C:\\Scripts\\Lock_workstation.vbs – to the C:\\Scripts folder on the remote computer atl-ws-01. Two things to keep in mind here. First, the script assumes that you haven\u2019t disabled the administrative share (C$) on the remote computer; second, it assumes that the folder C:\\Scripts exists in the remote computer. (Of course, there\u2019s no reason why the file has to be copied to C:\\Scripts; you can copy it to any folder you want.)<\/P>\n
After the first part of the script executes, the file Lock_workstation.vbs will be sitting in the C:\\Scripts folder on the remote computer. In the second part of the script, we connect to the WMI service on the remote computer, and then call the Create method (which happens to be part of the Win32_Process class). And what exactly do we do<\/I> with the Create method? Well, we simply run the script Lock_workstation.vbs. What\u2019s cool about that, however, is that the Create method will cause the script to run on the remote machine<\/I>. And because the script is running on the remote machine, Rundll32.exe will work, and the remote computer will be locked. Give it a try, and you\u2019ll see for yourself.<\/P>\n
Note<\/B>. One caveat: this script runs under the security context of the user logged on the remote computer. If that user doesn\u2019t have the right to lock the computer, then the script will fail.<\/P>\n
Of course, this is bound to raise at least two questions. Let\u2019s take the easy one first: can you write a script that unlocks<\/I> a workstation? As far as we know, you can\u2019t; in fact, as far as we know the only way to unlock a workstation is to have someone go to the computer, press Ctrl-Alt-Delete and log on. On the bright side, though, you can still run scripts against a locked workstation; after all, a locked computer is still up and running.<\/P>\n
The second question is a bit trickier: is there any way to tell whether or not a computer actually is<\/I> locked? Well, there\u2019s no foolproof way, at least not that we\u2019re aware of. But here\u2019s a script that can<\/I> work, as long as:<\/P>\n
1. The remote computer is configured to use a screensaver. <\/P>\n
2. The workstation is automatically locked any time the screensaver is running. <\/P>\n
3. The \u201ctimeout\u201d period has elapsed and the screensaver is actually running. (For example, by default the screensaver doesn\u2019t start up until a computer has been inactive – or locked – for ten minutes.)<\/P>\n
If all the above are true, this script can tell you if the computer is locked; it does that by grabbing the executable file name for the screen saver, and then checking to see if that executable file is running (by looking at instances of the Win32_Process class). If the screensaver is running then, by definition, the computer must be locked:<\/P>
On Error Resume Next\nHKEY_CURRENT_USER = &H80000001<\/p>\nstrComputer = “crowtrobot2”<\/p>\n
Set objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\default:StdRegProv”)<\/p>\n
strKeyPath = “Control Panel\\Desktop”\nValueName = “ScrnSave.exe”\nobjWMIService.GetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue\nstrValue = Replace(strValue, “\\”, “\\\\”)<\/p>\n
Set objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colItems = objWMIService.ExecQuery _\n (“Select * From Win32_Process Where ExecutablePath ='” & strValue & “‘”)<\/p>\n
If colItems.Count > 0 Then\n Wscript.Echo “The computer is locked.”\nElse\n Wscript.Echo “The computer is not locked.”\nEnd If\n<\/PRE>\n
Note that this script isn\u2019t quite as complicated as it looks; the one weird part is this line of code:<\/P>
strValue = Replace(strValue, “\\”, “\\\\”)\n<\/PRE>\nThat\u2019s needed because the ExecutablePath will be something like this:<\/P>
C:\\WINDOWS\\System32\\logon.scr\n<\/PRE>\nHowever, when you use a path in a WMI query, you have to double up all your slashes, like so:<\/P>
C:\\\\WINDOWS\\\\System32\\\\logon.scr\n<\/PRE>\nThat\u2019s what the Replace function is doing: replacing each \\ with \\\\.<\/P>\n
Like we said, it\u2019s not exactly foolproof, but it\u2019s the best we\u2019ve been able to come up with so far. If you wanted to make it a little bit more<\/I> bulletproof, you could add code that ensures that the computer is actually using a screensaver (ScreenSaverActive) and that the workstation automatically locks any time the screensaver is running (ScreenSaverSecure). If you wanted to get really<\/I> fancy, you could even determine the screensaver timeout value (ScreenSaverTimeout), pause the script for that amount of time, and then<\/I> check to see if the screensaver is running. <\/P>\n
Of course, even that wouldn\u2019t suffice in all cases: after all, this code won\u2019t distinguish between a computer that\u2019s locked and a computer where no one is logged on; it just tells us that the screensaver is running. Is there a way to tell whether or not any one is logged on to a computer? We\u2019re not really sure, to tell you the truth, but that\u2019s something we\u2019re looking into.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! I know how I can shut down a computer using a script, and I even know how I can log a user off using a script. But is there any way I can lock a workstation using a script?— TO-R Hey, TO-R. Most likely you\u2019re familiar with the Win32Shutdown method found in […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[16,47,3,5],"class_list":["post-71003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-desktop-management","tag-general-management-tasks","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! I know how I can shut down a computer using a script, and I even know how I can log a user off using a script. But is there any way I can lock a workstation using a script?— TO-R Hey, TO-R. Most likely you\u2019re familiar with the Win32Shutdown method found in […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=71003"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71003\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=71003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=71003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=71003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \n