Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Screen Saver Not Locking

Status
Not open for further replies.
SgtJarrow

SgtJarrow

Programmer
Apr 12, 2002
2,937
US
I have a domain of about 900 users. We have instituted group policy to enforce screensavers and locking after 15 minutes of inactivity. A small percentage of the users (about 10 or so) receive the policy, settings are enforced and the screensaver comes on, but the screen does not lock. I have yet been unable to figure ut why. Any suggestions???

****************************
Computers are possibly the most un-intelligent things ever invented, yet we let them control the world. Possibly a reflection of our own stupidity.

Robert L. Johnson III
MCSA, CNA, Net+, A+
w: rljohnso@stewart.com
h: wildmage@tampabay.rr.com
 
Sort by date Sort by votes
while a good thought, fast user switching is not allowed in a domain environment (verified in Help).

****************************
Computers are possibly the most un-intelligent things ever invented, yet we let them control the world. Possibly a reflection of our own stupidity.

Robert L. Johnson III
MCSA, CNA, Net+, A+
w: rljohnso@stewart.com
h: wildmage@tampabay.rr.com
 
Upvote 0 Downvote
You are absolutely right.

Now, how about the policy settings for empty or blank passwords?
 
Upvote 0 Downvote
already enforced....minimum 8 and must include at least one caps and one special (such as a number or - or ^ or somthing)

****************************
Computers are possibly the most un-intelligent things ever invented, yet we let them control the world. Possibly a reflection of our own stupidity.

Robert L. Johnson III
MCSA, CNA, Net+, A+
w: rljohnso@stewart.com
h: wildmage@tampabay.rr.com
 
Upvote 0 Downvote
Start, Run, regedit

In Registry go to:
HKEY_CURRENT_USER\Control Panel\Desktop

Check the following REG_SZ values:

ScreenSaveActive = 1 (this is probably your problem)
ScreenSaverIsSecure = 1 (for password protection w/ user PW)
ScreenSaveTimeOut = 600 (for 10 minutes)
SCRNSAVE.EXE = C:\Windows\System32\ssmypics.scr (or desired screensaver file name)

Note also these can be set under:
HKEY_USERS\.DEFAULT\Control Panel\Desktop
for when no user is logged on.

Is all this correct on the "bad" workstations?
 
Upvote 0 Downvote
man, while I appreciate your efforts and know you are knowledgable....I took a quick look and found the following:

While what you proposed should work, it did not. The reg settings of my machine (which is not a "bad" machine) matches that of a known "bad" machine.

What is really odd is that my reg settings are:

ScreenSaveActive = 1
ScreenSaverIsSecure = 0
ScreenSaveTimeOut = 600
SCRNSAVE.EXE = C:\Windows\System32\LOGON.scr

But I receive my group policy and the screensaver kicks in and locks out at 15 minutes....not 10 per the SaveTimeOut...

****************************
Computers are possibly the most un-intelligent things ever invented, yet we let them control the world. Possibly a reflection of our own stupidity.

Robert L. Johnson III
MCSA, CNA, Net+, A+
w: rljohnso@stewart.com
h: wildmage@tampabay.rr.com
 
Upvote 0 Downvote
bcastner,

Found out the reason your key changes don't work is because in a domain environment with group policies enforced, there are another group of keys that take precedence over the "local" keys you mentioned...

My problem seems to be more related to the actual screensaver being used. I don't enforce any one particular screensaver. I use the blank.scr, and so do many users. I am currently in the process of determining what screensavers are being used on the "bad" machines.

In researching I found a lot of references to the fact that 16-bit screensavers do not necessarily lock as they are supposed to....may be changing the policy to force one screensaver for everyone.....

****************************
Computers are possibly the most un-intelligent things ever invented, yet we let them control the world. Possibly a reflection of our own stupidity.

Robert L. Johnson III
MCSA, CNA, Net+, A+
w: rljohnso@stewart.com
h: wildmage@tampabay.rr.com
 
Upvote 0 Downvote
The domain policy settings change the registry keys I indicated. This is exactly how the service is defined and initialized.

Older screensavers will not work with XP as secure screensavers as the specifications for the screensaver was changed with XP. Even MS gets it wrong; many of its Plus! for XP screensavers do not fit the specifcations. Screensavers downloaded from the Web suffer the same problem: they were written to the earlier Win9x specification and do not act appropriately in the security context of XP.

In addition, there are screensavers that directly interface the ActiveX controls of Active Desktop. These can provide their own timers and security services.

 
Upvote 0 Downvote
As XP removed from the screensaver the security features found in earlier Windows releases, you still can force the security policy if Group Policy is not working all the time. This should work for even non-compliant screensaver choices:

***** start of cut and paste to screensaver.reg ******

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
"ScreenSaverIsSecure"=dword:00000001

*********** end cut and paste

You can use this is the Group Policy object for logon scripts, or use Task Scheduler to point to:

regedit /s screensaver.reg

and schedule the task for 'at logon'
 
Upvote 0 Downvote
Where did you find the options in Windows 2003 Server to make those changes for group policy? I'm unable to find those options for locking the computer.
 
Upvote 0 Downvote
JGGood,

What do you have at this location?

User Configuration/Administrative Templates\Control Panel\Display. Screen Saver timeout
 
Upvote 0 Downvote
I have a Windows 2003 Server as a DC and Windows 2000 and XP clients. I would like to test it here first before pushing it out to other site locations.
 
Upvote 0 Downvote
Ok. I've downloaded the upgrades, but how do you install them?? I understand what your problem was. I'm trying to find out how and where the group policy setting is for doing an automatic screen lock is in group policy because I can't find it.
 
Upvote 0 Downvote
Apply a security template to local policy




What do you have at this location?

User Configuration/Administrative Templates\Control Panel\Display.

Password Protect the Screen Saver and Screen Saver Timeout


Determines whether screen savers used on the computer are password protected.

If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.

This setting also disables the "Password protected" check box on the Screen Saver tab in Display in Control Panel, preventing users from changing the password protection setting.

If you do not configure this setting, users can choose whether or not to set password protection on each screen saver.

To ensure that a computer will be password protected, also enable the "Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting.

Note: To remove the Screen Saver tab, use the "Hide Screen Saver tab" setting.
 
Upvote 0 Downvote
Thanks. Now what I'm seeing so far is that "blank.scr" isn't a screen saver in XP or 2000 on the computers I have on my network. I'm not sure where you're getting that screen saver from if your using up to date Windows XP and Windows 2000 computers. I'm working on testing this group policy on an XP and 2000 computer through group policy. I will be using "scrnsave.scr" That's the name for the blank screen saver. Once that works out I'll test it on one of my sites that have 2000 and XP machines. I'll keep you up to date on my findings.
 
Upvote 0 Downvote
Ok. So far the test on two computers worked perfectly. I used the "logon.scr" for the screen saver and set it for 8 minutes. I then pushed the policy out to one site. Problem though, it's affecting my citrix server when users are using citrix. So far it seems that it may happen when users close there citrix session incorrectly. I removed the policy from the sites OU and will be testing the citrix issue through the week. I'll keep you guys updated.
 
Upvote 0 Downvote
Well, the screen saver lock is working perfectly. I tried it out on three sites so far. I will be pushing it out on the whole Domain tomorrow. Thanks for your help guys. Did you ever get it to work properly with GPO? It's working fine for me. [2thumbsup]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
2K
pjw001
pjw001
pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
440
pjw001
pjw001
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
375
guitarzan
guitarzan
Flinx
  • Locked
  • Question
Nero Burning ROM not seeing disk change 2
Replies
3
Views
268
gbaughma
gbaughma
pmonett
  • Locked
  • Question
Cannot install Notes R12 1
Replies
13
Views
246
Rick998
Rick998

Part and Inventory Search

Sponsor

Back
Top