19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'

Information

This policy setting enables/disables the use of desktop screen savers.

The recommended state for this setting is: Enabled.

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Enable screen saver

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Impact:

A screen saver runs only if the following two conditions hold. First, a valid screen saver on the client is specified through the Force specific screen saver setting (Rule 19.1.3.2) or through Control Panel on the client computer. Second, the Screen saver timeout setting (Rule 19.1.3.4) is set to a nonzero value, either through that setting or through Control Panel.
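
The two conditions above can be checked for the signed-in user with the following added example, which is not part of the benchmark or the audit plugin. The registry key and value names are the usual locations behind these Control Panel\Personalization policies and are assumptions of this example, since the page does not state them; the function names are hypothetical.

```powershell
# Added example: report whether a screen saver will actually run for the current user.
# Assumption: the policy and Control Panel values live under the keys below
# (standard Windows locations, not stated on this page).
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$UserKey   = 'HKCU:\Control Panel\Desktop'

function Get-DesktopValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveValue {
    param([string]$Name)
    # A value delivered by Group Policy takes precedence over the Control Panel value.
    $v = Get-DesktopValue -Key $PolicyKey -Name $Name
    if ($null -eq $v) { $v = Get-DesktopValue -Key $UserKey -Name $Name }
    return $v
}

function Test-ScreenSaverWillRun {
    # 19.1.3.1: 'Enable screen saver' must come from policy, not user preference.
    $policyActive = Get-DesktopValue -Key $PolicyKey -Name 'ScreenSaveActive'
    # Condition 1: a screen saver is specified (policy or Control Panel).
    # This checks that a name is present, not that the file is a valid screen saver.
    $saver = Get-EffectiveValue -Name 'SCRNSAVE.EXE'
    # Condition 2: the timeout is nonzero (stored as a string, in seconds).
    $timeout = 0
    [void][int]::TryParse([string](Get-EffectiveValue -Name 'ScreenSaveTimeOut'), [ref]$timeout)

    $enabled   = ($policyActive -eq '1')
    $specified = -not [string]::IsNullOrWhiteSpace([string]$saver)

    [pscustomobject]@{
        PolicyEnabled   = $enabled
        SaverSpecified  = $specified
        TimeoutSeconds  = $timeout
        ScreenSaverRuns = $enabled -and $specified -and ($timeout -gt 0)
    }
}

Test-ScreenSaverWillRun | Format-List
```

Run it in the context of the user being audited, because these are per-user (HKCU) settings; PolicyEnabled being false with ScreenSaverRuns otherwise satisfiable means the screen saver is still under the user's local control.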

Default Value:

Enabling/disabling the screen saver is managed locally by the user.

See Also

https://workbench.cisecurity.org/files/2700

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11a., CSCv6|16.5

Plugin: Windows

Control ID: 78c22901ee33ff1d4114eafc06d721c4836d7d7b5bde805eae6b9e8686ac3012