🔐 Windows Server Security: Pro Tip (3) | Enforcing Screensaver Policies 🔐

Enforcing Screensaver Policies:

Password-Protected Screensaver Policy:

Enabling a password-protected screensaver is a crucial security measure, even in the latest Windows Server versions (2022/2024). This policy ensures that unattended workstations automatically lock after a period of inactivity, preventing unauthorized access. By hiding the screensaver settings from users and enforcing this policy via Group Policy or the Registry, administrators can maintain security compliance and avoid accidental or malicious changes.

Steps to Enable and Enforce the Password-Protected Screensaver:

Method 1: Using Group Policy Editor (GPEdit.msc)

o    Open the Group Policy (gpedit.msc) -> User Configuration → Administrative Templates → Control Panel → Personalization

Configure the following settings:

§  Enable Screen Saver: Set to Enabled.

§  Password Protect the Screen Saver: Set to Enabled.

§  Screen Saver Timeout: Set the timeout period (e.g., 300 seconds for 5 minutes).

§  Prevent Changing Screen Saver: Set to Enabled to hide the screensaver tab and prevent user changes.

§  Apply the settings and restart or log off to ensure the policies take effect.

Method 2: Using Registry Editor (Regedit)

At Registry Editor (regedit) in the Run dialog (Win + R).

o    HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop

Create or modify the following keys:

o    ScreenSaveActive: Set the value to 1 (enables the screensaver).

o    ScreenSaverIsSecure: Set the value to 1 (enforces password protection).

o    ScreenSaveTimeOut: Set the value to the desired timeout period in seconds (e.g., 900 for 15 minutes).

o NoDispScrSavPage: Set the value to 1 to hide the screensaver tab from users.

Once these changes are made, restart the system or log off and back on to apply them.

Disclimar: The information provided in this article is for knowledge-sharing purposes only. Please exercise caution and consider real-time scenarios before applying.