Monday, June 17, 2019

How to change Windows 10 login screen inactivity timeout?


We are developing some MFA (multi-factor authentication) support on Windows. After entering the user password it will have other challenges like email/phone calls.
But on Windows 10 we found that the login screen (not remote) will close after 30s of inactivity. In some cases the email/phone challenge may take more than 30s, and the logon screen being closed will stop the email/phone wait.
Is there any way, like registry, to change the Windows 10 logon timeout value?

The registry controlling the login screen timeout is
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
DWORD Value: IdleTimeOut
Unit: msec

Because the registry key wasn't here and adding it didn't work.

My Windows versions (for info):

(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
#1803
Get-WmiObject win32_operatingsystem | Select-Object caption, version
#caption                  version
#-------                  -------
#Microsoft Windows 10 Pro 10.0.17134

1. Get Your Scheme or use 'SCHEME_CURRENT' alias
Check your current power scheme:

powercfg.exe /LIST
#Existing Power Schemes (* Active)
#-----------------------------------
#Power Scheme GUID: 381b4222-f694-41f0-9685-ff5bb260df2e  (Balanced) *
#Power Scheme GUID: 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c  (High performance)
#Power Scheme GUID: a1841308-3541-4fab-bc81-f71556f20b4a  (Power saver)

Get your current scheme alias:

(powercfg.exe /QUERY ((powercfg.exe /GETACTIVESCHEME) -replace '.* ([0-9a-f-]{36}) .*', '$1'))|Select-String -Pattern "^  GUID Alias"
#GUID Alias: SCHEME_BALANCED

2. Set lock timeout AC or DC
Use /SETACVALUEINDEX when you are not on battery

Use /SETDCVALUEINDEX when on battery

The value is in seconds, so here 1200s = 60s * 20, i.e. 20 minutes

powercfg.exe /SETACVALUEINDEX SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK 1200
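
A read-back check for the two settings discussed above, added here as an example and not part of the original post: it reports the AC and DC values of VIDEOCONLOCK in the active scheme and the IdleTimeOut registry value if it exists. The function names and the sample lines are made up for illustration, and the parser assumes English-language powercfg output.

```powershell
# Added example, not from the original post. Reads back the settings above.
function Get-LockScreenTimeoutReport {
    param(
        # Output lines of: powercfg.exe /QUERY SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK
        [string[]]$PowercfgLines,
        # Value read from the LogonUI key, or $null when it is absent
        $IdleTimeOutMs
    )
    $seconds = @{ AC = $null; DC = $null }
    foreach ($line in $PowercfgLines) {
        # Assumption: English powercfg output; the indexes are printed in hex.
        if ($line -match 'Current (AC|DC) Power Setting Index:\s*0x([0-9a-fA-F]+)') {
            $seconds[$Matches[1]] = [Convert]::ToInt32($Matches[2], 16)
        }
    }
    [pscustomobject]@{
        LockDisplayOffAcSeconds = $seconds['AC']
        LockDisplayOffDcSeconds = $seconds['DC']
        LogonUiIdleTimeOutMs    = $IdleTimeOutMs
    }
}

function Get-LogonUiIdleTimeOut {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
    $prop = Get-ItemProperty -Path $key -Name IdleTimeOut -ErrorAction SilentlyContinue
    if ($prop) { $prop.IdleTimeOut } else { $null }   # $null: value not set
}

# Constructed sample input (1200 s on AC, 60 s on battery), for an offline check
$sample = @(
    '    Current AC Power Setting Index: 0x000004b0',
    '    Current DC Power Setting Index: 0x0000003c'
)
Get-LockScreenTimeoutReport -PowercfgLines $sample -IdleTimeOutMs $null

# Live check on the local machine
$live = powercfg.exe /QUERY SCHEME_CURRENT SUB_VIDEO VIDEOCONLOCK
Get-LockScreenTimeoutReport -PowercfgLines $live -IdleTimeOutMs (Get-LogonUiIdleTimeOut)
```

Running it before and after a change shows whether only the AC value was updated while the DC (battery) value still holds the old timeout.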





