11.5. Enabling Screensaver Locking

Problem

You want to enable screensaver locking to prevent an administrator leaving the console of a server unlocked and exposing it to an intruder.

Solution

Using a graphical user interface

The following instructions enable screensaver locking for the currently logged on user:

  1. Right-click the desktop background and select Properties.

  2. Select the Screen Saver tab.

  3. Select Blank for the screensaver, enter the number of minutes to wait before starting the screensaver and check the box beside On resume, password protect.

  4. Click OK.

The following instructions enable screensaver locking using group policy:

  1. Open the Group Policy Management Console (GPMC).

  2. In the left pane, navigate to the target group policy, right-click it, and select edit. This will launch the Group Policy Object Editor.

  3. In the left pane, expand User Configuration Administrative Templates Control Panel and click on Display.

  4. In the right pane, there are five settings you can modify to control screensaver behavior. These include Hide Screen Saver tab, Activate screen saver, Screen saver executable name, Password protect the screen saver, and Screen Saver timeout.

Using a command-line interface

The following commands enable screensaver locking in the default user profile. Any user who logs in after these commands are run will use these settings. Any user who logged in before these commands are run will retain their original settings.

The following command configures the blank screensaver:

> reg add ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.