19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting enables/disables the use of desktop screen savers.

The recommended state for this setting is: Enabled.

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Impact:

A screen saver runs, provided that the following two conditions hold: First, a valid screen saver on the client is specified through the recommendation 'Force specific screen saver' or through Control Panel on the client computer. Second, the recommendation 'Screen saver timeout' is set to a nonzero value through the setting or through Control Panel.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Enable screen saver

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Default Value:

Enabling/disabling the screen saver is managed locally by the user.

See Also

https://workbench.cisecurity.org/files/3719