19.1.3.2 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled'

Information

This setting determines whether screen savers used on the computer are password protected.

The recommended state for this setting is: Enabled

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Password protect the screen saver

Note: This Group Policy path is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:

All screen savers are password protected. The 'Password protected' checkbox on the Screen Saver dialog in the Personalization or Display Control Panel will be disabled, preventing users from changing the password protection setting.

See Also

https://workbench.cisecurity.org/benchmarks/15273