CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting specifies the screen saver for the user's desktop.

The recommended state for this setting is: Enabled: scrnsave.scr .

Note: If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored.

Rationale:

If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it. Configuring a timed screen saver with password lock will help to protect against these hijacks.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_USERS\[USER SID]\Software\Policies\Microsoft\Windows\Control Panel\Desktop:SCRNSAVE.EXE

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled: scrnsave.scr :

User Configuration\Policies\Administrative Templates\Control Panel\Personalization\Force specific screen saver

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

1195 | P a g e