Enforcing lock screen after idle time via GPO

Solution 1:

Actually I found (and tested) in Windows Server 2012 R2, under:

Computer Configuration>Policies>Windows Settings>Security Settings>Local
Policies>Security Options>

And open item Interactive logon: Machine inactivity limit

Explanation:

Interactive logon: Machine inactivity limit.

Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

Default: not enforced.

Solution 2:

Well, through Group Policy you can force to lock down a workstation via a password protected screensaver, but not to log it off. The GPO settings for locking down a workstation via screensaver can be found at: Administrative templates\control panel\display\password protect the screen saver and screen saver timeout.

---

Solution 3:

The more direct solution you are likely looking for is located in:

Group Policy Management / Group Policy Editor

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Microsoft Network Server: Amount of idle time required before suspending session.