3.1.3.1 (L1) Ensure 'Enable screen saver (User)' is set to 'Enabled'

Information

This policy setting enables/disables the use of desktop screen savers.

The recommended state for this setting is: Enabled

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled

Administrative Templates\Control Panel\Personalization\Enable screen saver (User)

Impact:

A screen saver runs, provided that the following two conditions hold: First, a valid screen saver on the client is specified through the recommendation

Force specific screen saver

or through Control Panel on the client computer. Second, the recommendation

Screen saver timeout

setting is set to a nonzero value through the setting or through Control Panel.

See Also

https://workbench.cisecurity.org/benchmarks/16852