CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

19.1.3 Personalization (formerlyDesktop Themes)

This section contains recommendations for personalization settings.

This Group Policy section is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates. Note: This section was initially named Desktop Themes but was renamed by Microsoft to Personalization starting with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates.

19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting enables/disables the use of desktop screen savers.

The recommended state for this setting is: Enabled .

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_USERS\[USER SID]\Software\Policies\Microsoft\Windows\Control Panel\Desktop:ScreenSaveActive

1193 | P a g e