Policy
Allow users to select when a password is required when resuming from connected standby
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016
This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off. If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. If you disable this policy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. If you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off. If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\System\AllowDomainDelayLock | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAlways use classic logonWindows Server 2003 and versions of Windows from Windows XP Professional through Windows 7.
- ComputerAlways use custom logon backgroundWindows Server 2008 R2 and Windows 7
- ComputerAlways wait for the network at computer startup and logonAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerAssign a default credential providerAt least Windows Server 2016, Windows 10
- ComputerAssign a default domain for logonAt least Windows Vista
- ComputerBlock user from showing account details on sign-inAt least Windows Server 2016, Windows 10
- ComputerDo not display network selection UIAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerDo not display the Getting Started welcome screen at logonWindows 2000 only
- ComputerDo not enumerate connected users on domain-joined computersAt least Windows Server 2012, Windows 8 or Windows RT
- UserDo not process the legacy run listAt least Windows 2000
- ComputerDo not process the legacy run listAt least Windows 2000
- UserDo not process the run once listAt least Windows 2000