Information
This setting specifies how much user idle time must elapse before the screen saver is launched.
The recommended state for this setting is: 'Enabled: 900 seconds or fewer, but not 0'.
Note: This setting has no effect under the following circumstances:
- The wait time is set to zero.
- The 'Enable Screen Saver' setting is disabled.
- A valid screen existing saver is not selected manually or via the 'Screen saver executable name' setting
Rationale:
If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it.
Configuring a timed screen saver with password lock will help to protect against these hijacks.
Solution
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 900 or fewer, but not 0':
User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Screen saver timeout
Note: This Group Policy path may not exist by default.
It is provided by the Group Policy template 'ControlPanelDisplay.admx/adml' that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).
Impact:
The screen saver will automatically activate when the computer has been left unattended for the amount of time specified, and the users will not be able to change the timeout value.