What's new

A guide on how to lock all the computers on the network with one batch file.

Johncoool

Member
This is being used on Windows 8.1 to lock Windows 7. It has also been tested on Windows 10 and works the same as well.

rundll32.exe user32.dll,LockWorkStation is the command used to lock Windows from command line.
nircmd.exe changesysvolume -65535 is used with nircmd from command line to mute the computer. It will reduce the volume to 0.

After configuration just run the batch file and will lock and mute all the computers in the batch file list.

To create the batch file just open a text file and change the extension from ".txt" to ".bat". To edit the batch file just right click on it and choose edit.

This guide is done with configuration on Tinywall firewall.

The programs used in this guide are.

Nircmd - Download link is: https://www.nirsoft.net/utils/nircmd.html (At the bottom of the page. Not the 64 bit one.)

PStools - Download link is: PsTools - Windows Sysinternals

Tinywall - Download link is: Download TinyWall

WinRar: WinRAR download free and support: Download

The 1st two are compressed folders. Extract the contents of both of them into "C:\Windows\System32" directory on all the involved computers. (If it gives an error then extract the contents to a folder that you create on the desktop then copy the contents to that location).

Install Winrar if you don't have a program to unpack the compressed files.

PStools and Tinywall are Microsoft products.
Tinywall is a firewall that complements the existing Windows firewall for easier management and configuration.

Index for the batch file configuration (All are just example for this thread, the information needs to be obtained from the target computer).

The needed information is for the target PCs only.
Username: Roger
Password: 123
Computer name: PC12
IP address: 100.1.1.2

Computer name can be found from System properties.

There is no need for username and password if they are the same on both systems. You can use the computer name or IP address. It would be recommended to use computer name instead of IP address because IP address changes from time to time.

Blank passwords will not work. You have to create a password for the account.

First example (If both systems have the same username and password):

@Echo Off
PSEXEC -i -s -d \\PC12 rundll32.exe user32.dll,LockWorkStation
Timeout /T 1
PSEXEC -i -s -d \\PC12 nircmd.exe changesysvolume -65535
Exit

Second example (If the systems do not use the same username and password):

@Echo Off
PSEXEC -i -s -d \\PC12 -u Roger -p 123 rundll32.exe user32.dll,LockWorkStation
Timeout /T 1
PSEXEC -i -s -d \\PC12 -u Roger -p 123 nircmd.exe changesysvolume -65535
Exit

Same commands with IP address instead of Computer name:

First example (If both systems have the same username and password):

@Echo Off
PSEXEC -i -s -d \\100.1.1.2 rundll32.exe user32.dll,LockWorkStation
Timeout /T 1
PSEXEC -i -s -d \\100.1.1.2 nircmd.exe changesysvolume -65535
Exit

Second example (If the systems do not use the same user name and password):

@Echo Off
PSEXEC -i -s -d \\100.1.1.2 -u Roger -p 123 rundll32.exe user32.dll,LockWorkStation
Timeout /T 1
PSEXEC -i -s -d \\100.1.1.2 -u Roger -p 123 nircmd.exe changesysvolume -65535
Exit

More computers can be added with the same format above the "exit". Just add a Timeout between each one. The number after the timeout is the amount of seconds.

If you get access denied then enable the local administrator account on the target computer and use the credentials in the second example. (No need to be logged into the account to use it).

To enable the local administrator then right click on cmd and run it as administrator then run this command: administrator /active:yes

Then go to users in control panel and manage the account to create the password. No need to log into the administrator account to continue.

This might need to be used for the computers that are logged on using Microsoft accounts rather than a local account. (I had to use it from Windows 7 to lock Windows 8.1 that is on local account. I did not have to use it from Windows 8.1 to lock windows 7)

Requirements that are needed for it to work properly:

Make sure that file sharing is enabled in the network card that is connected to the network.

1.PNG

Tinywall Firewall settings. (This setting is for a particular firewall called Tinywall).

Test the system and if it does not work then do a test and unblock the firewall on both machines just to run a test. If it works then continue with the following.

1. Right click on the taskbar Tinywall icon
2. select the Show connections

2.png

3. Then select show blocked active connections only.
2.png

4. Then right click on one of the System process in the list and click on Unblock.
3.PNG
5. Select Unblock all recommended files. This way it will unblock the needed files for the solution to work.

4.png

6. Right click on the Tinywall icon and choose Manage.

9.png
7. Then go to the Application Exceptions Tab and select System from list and click on modify.

8. Then choose the Exception lifetime. Choose restrict to local network. If you face any issues with a program that cannot reach the internet then just remove the "Restrict to local network". It might have been enabled by default.

6.png

This should be enough to get it to work.

If you like it to auto run every time you lock the system then follow the below method:

Create a task in task scheduler.

Create a name e.g. Lock computers on the network

In trigger tab, choose the below.

7.png

In actions tab, select the bat file that has the lock script.

Then the final setting is shown here below for laptops or tablets. Remove the check mark from it.

8.png

One thing that could be an issue with this is. If you set password on resume from screensaver then it will also lock the other devices at the same time when the screensaver is triggered. Which could be irritating if using one of the other machines and it locks up. Then it needs to be unlocked.

There is a work around for this if it is an issue.

Remove the use password option on resume from the screensaver settings.

Use a third party software to do the job. Some of them are free.

There is software that works similar to locking the computer with an idle timer. The computer will not lock up. It will just run a program on top of the desktop preventing access to the device.

There is a program called Keyfreeze that is free and can lock the keyboard and mouse on a timer but does not blank out the screen.

Download link is: BlueLife KeyFreeze v1.4 (Block keyboard and mouse)

There are also programs that can blank out the screen and are 100% secure. Just needs a search. (Some of them are free)
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo G50-80
    CPU
    I3 1.7GHz
    Memory
    12GB
    Graphics Card(s)
    Intel
    Antivirus
    Free-AVG

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top