ProblemYou want to enable screen saver locking to prevent an intruder from accessing an unattended system. SolutionUsing a graphical user interfaceThe following instructions enable screen saver locking for the currently logged on user:
The following instructions enable screen saver locking using Group Policy:
Using a command-line interfaceThe following commands enable screen saver locking in the default user profile. Any user who logs in after these commands are run will use these settings. Any user who logged in before these commands are run will retain their original settings. The following command configures the blank screen saver: > reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v SCRNSAVE.EXE /t R EG_SZ /d scrnsave.scr > reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaveActive/t REG_SZ /d 1 The following command sets the screen saver timeout to 10 minutes (600 seconds): > reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d 600 The following command enables screen saver locking: > reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 1 Using VBScript' This code enables screen saver locking for all users that log on ' a system even if they've configured other screen saver settings previously. ' ------ SCRIPT CONFIGURATION ------ strComputer = "." strScreenSaveActive = "1" strScreenSaverIsSecure = "1" strScreenSaveTimeout = "300" strScrnSave = "scrnsave.scr" ' ------ END CONFIGURATION --------- const HKEY_USERS = &H80000003 set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") objReg.EnumKey HKEY_USERS, "", arrSubKeys for each strSubkey in arrSubKeys WScript.Echo strSubkey objReg.EnumValues HKEY_USERS, strSubkey & "\Control Panel\Desktop", _ arrValues, arrTypes if IsArray(arrValues) then WScript.Echo " setting screen saver values" objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _ "ScreenSaveActive", strScreenSaveActive objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _ "ScreenSaverIsSecure", strScreenSaverIsSecure objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _ "ScreenSaveTimeOut", strScreenSaveTimeOut objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _ "SCRNSAVE.EXE", strScrnSave else WScript.Echo " NOT setting screen saver values" end if WScript.Echo next DiscussionIf you want to implement a login script or batch file to enable screen saver locking for the currently logged on user of a system, you need to modify the following Registry values: HKEY_CURRENT_USER\Control Panel\Desktop "ScreenSaveActive"="1" "ScreenSaverIsSecure"="1" "ScreenSaveTimeOut"="900" "SCRNSAVE.EXE"="scrnsave.scr" This configures the scrnsave.scr screen saver to turn on after 15 minutes (900 seconds) of inactivity. See AlsoMS KB 281250, "Information About Unlocking a Workstation" |