Recipe 17.5. Enabling Screen Saver Locking


Problem

You want to enable screen saver locking to prevent an intruder from accessing an unattended system.

Solution

Using a graphical user interface

The following instructions enable screen saver locking for the currently logged on user:

  1. Right-click the desktop background and select Properties.

  2. Select the Screen Saver tab.

  3. Select Blank for the screen saver, enter the number of minutes to wait before starting the screen saver, and check the box beside "On resume, password protect."

  4. Click OK.

The following instructions enable screen saver locking using Group Policy:

  1. Open the Group Policy Management Console (GPMC).

  2. In the left pane, navigate to the target Group Policy, right-click it, and select edit. This will launch the Group Policy Object Editor.

  3. In the left pane, expand User Configuration Administrative Templates Control Panel, and click on Display.

  4. In the right pane, there are five settings you can modify to control screen saver behavior. These include the Hide Screen Saver tab, Activate screen saver, Screen saver executable name, Password protect the screen saver, and Screen Saver timeout.

Using a command-line interface

The following commands enable screen saver locking in the default user profile. Any user who logs in after these commands are run will use these settings. Any user who logged in before these commands are run will retain their original settings.

The following command configures the blank screen saver:

> reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v SCRNSAVE.EXE /t R EG_SZ /d scrnsave.scr > reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaveActive/t REG_SZ /d 1

The following command sets the screen saver timeout to 10 minutes (600 seconds):

> reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d 600

The following command enables screen saver locking:

> reg add "\\<SystemName>\HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 1

Using VBScript
' This code enables screen saver locking for all users that log on ' a system even if they've configured other screen saver settings previously. ' ------ SCRIPT CONFIGURATION ------ strComputer = "." strScreenSaveActive    = "1" strScreenSaverIsSecure = "1" strScreenSaveTimeout   = "300" strScrnSave            = "scrnsave.scr" ' ------ END CONFIGURATION --------- const HKEY_USERS = &H80000003 set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") objReg.EnumKey HKEY_USERS, "", arrSubKeys for each strSubkey in arrSubKeys    WScript.Echo strSubkey    objReg.EnumValues HKEY_USERS, strSubkey & "\Control Panel\Desktop", _                      arrValues, arrTypes    if IsArray(arrValues) then       WScript.Echo "  setting screen saver values"       objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _                             "ScreenSaveActive", strScreenSaveActive       objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _                             "ScreenSaverIsSecure", strScreenSaverIsSecure       objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _                             "ScreenSaveTimeOut", strScreenSaveTimeOut       objReg.SetStringValue HKEY_USERS, strSubkey & "\Control Panel\Desktop", _                             "SCRNSAVE.EXE", strScrnSave    else       WScript.Echo "  NOT setting screen saver values"    end if    WScript.Echo next

Discussion

If you want to implement a login script or batch file to enable screen saver locking for the currently logged on user of a system, you need to modify the following Registry values:

HKEY_CURRENT_USER\Control Panel\Desktop "ScreenSaveActive"="1" "ScreenSaverIsSecure"="1" "ScreenSaveTimeOut"="900" "SCRNSAVE.EXE"="scrnsave.scr"

This configures the scrnsave.scr screen saver to turn on after 15 minutes (900 seconds) of inactivity.

See Also

MS KB 281250, "Information About Unlocking a Workstation"



Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net