From LedHed's Wiki
Jump to: navigation, search

For years I've used Group Policy to set password protected screen savers and the timeout. The problem is that users like their screen savers and if you force one with group policy then you could end up with a riot on your hands.

Well I found a solution!


Overview

With the introduction of Group Policy Preferences (and Item Level Targeting) you can now set your desired screen saver settings while letting the user choose what screen saver to use.

Heres how. You set all the settings you want for example:

User Configuration\Administrative Templates\Control Panel\Personalization\
Enable screen saver = Enabled
Password protect the screen saver = Enabled
Screen saver timeout = 900

Now you might be thinking I missed "Force specific screen saver", but this is where things get cool.

Instead of forcing a specific screen saver we're going to use Group Policy Preferences and Item Level Targeting to accomplish our goal and give the user some freedom.


Group Policy Preferences

Logic: We're going to create a GPP that sets the registry key that controls the screensaver, but we will use Item Level Targeting to conditionally set this policy only if the user has set the screensaver to "None".

Create Registry Key

User Configuration\Preferences\Windows Settings\Registry

1) Create a new Registry item with the following settings.

Action = Update
Hive = HKEY_CURRENT_USER
Key path = Control Panel\Desktop
Value name = SCRNSAVE.EXE
Value type = REG_SZ
Value data = C:\Windows\system32\scrnsave.scr

ScreenSaver GPP Properties.png

2) Setup Item Level Targeting

Click the "Common" tab
[X] Item-level targeting
Click Targeting...
Click "New Item"
Choose "Registry Match"
Click "Item Options"
Click "Is Not"
Set Match type = Value exists
Hive = HKEY_CURRENT_USER
key path = Control panel\Desktop
Value name = SCRNSAVE.EXE
Value type = REG_SZ

ScreenSaver TargetingEditor.png


What this does is look for HKEY_CURRENT_USER\Control panel\Desktop\SCRNSAVE.EXE
And if this key does not exist (Meaning the user set their screen saver to None) then apply the GPP and force the blank screen saver (scrnsave.scr). But if the key does exist then don't apply the GPP (Meaning the users chosen screen saver will remain in effect).


References

http://webcache.googleusercontent.com/search?q=cache:11cTR4v1yHYJ:www.grouppolicy.biz/tag/screensaver/+&cd=4&hl=en&ct=clnk&gl=us

The above link no longer exists but google still has it in cache (for a while at least).