19.1.3.3 Ensure 'Password protect the screen saver' is set to 'Enabled'

Information

This setting determines whether screen savers used on the computer are password protected.

The recommended state for this setting is: Enabled.

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Password protect the screen saver

Note: This Group Policy path is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.
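
To confirm the policy has actually applied, the following added example (not part of the benchmark text) checks every loaded user hive. It assumes the standard registry backing for this policy, `Software\Policies\Microsoft\Windows\Control Panel\Desktop` with value `ScreenSaverIsSecure` = `1`, which is not stated on this page; `Test-ScreenSaverPolicy` is a hypothetical helper name.

```powershell
# Added audit example. The registry location below is the standard backing
# store for this user policy (an assumption; it does not appear on the page).
$RelPath   = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ValueName = 'ScreenSaverIsSecure'

function Test-ScreenSaverPolicy {
    param([Parameter(Mandatory)][string]$Sid)   # hive name under HKEY_USERS

    $key   = "Registry::HKEY_USERS\$Sid\$RelPath"
    $value = $null
    if (Test-Path -LiteralPath $key) {
        # A missing value yields $null instead of a terminating error
        $value = (Get-ItemProperty -LiteralPath $key -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName
    }

    [pscustomobject]@{
        Sid       = $Sid
        Value     = if ($null -eq $value) { '<not set>' } else { $value }
        Compliant = ("$value" -eq '1')   # policy Enabled writes the string "1"
    }
}

# This is a per-user policy, so evaluate each loaded user profile hive.
# The pattern keeps local/domain (S-1-5-21-*) and Azure AD (S-1-12-1-*) user
# SIDs and skips the *_Classes hives and built-in service accounts.
$results = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
    ForEach-Object { Test-ScreenSaverPolicy -Sid $_.PSChildName }

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled compliance job flag the host
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

Only hives of currently logged-on users are loaded under `HKEY_USERS`, and reading another user's hive requires an elevated session.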

Impact:

All screen savers are password protected. The 'Password protected' checkbox on the Screen Saver dialog in the Personalization or Display Control Panel will be disabled, preventing users from changing the password protection setting.

Default Value:

Whether or not to password protect each screen saver is managed locally by the user.

See Also

https://workbench.cisecurity.org/files/2700

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11a., CSCv6|16.5

Plugin: Windows

Control ID: 1d2861fdf272e7fa3fb58eb6c1d450d1d923a5dee876d2f10b6dd18dbf84b101