19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'

Information

This policy setting specifies the screen saver for the user's desktop.

The recommended state for this setting is: Enabled: scrnsave.scr.

Note: If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored.

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: scrnsave.scr:

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Force specific screen saver

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Impact:

The system displays the specified screen saver on the user's desktop. The drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel will be disabled, preventing users from changing the screen saver.

Default Value:

Disabled. (Users can select any screen saver.)

See Also

https://workbench.cisecurity.org/files/2700

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-11a., 800-53|CM-7(5), CSCv6|2.2

Plugin: Windows

Control ID: 5145303435bea8fb6a6398889129727a8dc277fcdc00ad63e08dd44476d0c538