11.5. Enabling Screensaver Locking
You want to enable screensaver locking to prevent an administrator leaving the console of a server unlocked and exposing it to an intruder.
Using a graphical user interface
The following instructions enable screensaver locking for the currently logged on user:
Right-click the desktop background and select Properties.
Select the Screen Saver tab.
Select Blank for the screensaver, enter the number of minutes to wait before starting the screensaver and check the box beside On resume, password protect.
The following instructions enable screensaver locking using group policy:
Open the Group Policy Management Console (GPMC).
In the left pane, navigate to the target group policy, right-click it, and select edit. This will launch the Group Policy Object Editor.
In the left pane, expand User Configuration → Administrative Templates → Control Panel and click on Display.
In the right pane, there are five settings you can modify to control screensaver behavior. These include Hide Screen Saver tab, Activate screen saver, Screen saver executable name, Password protect the screen saver, and Screen Saver timeout.
Using a command-line interface
The following commands enable screensaver locking in the default user profile. Any user who logs in after these commands are run will use these settings. Any user who logged in before these commands are run will retain their original settings.
The following command configures the blank screensaver:
> reg add ...