Set Windows 10 Screensaver

  • 1 April 2021
  • 5 replies
  • 337 views

Userlevel 5

Set your screensaver, the timeout, and whether prompted for a login upon resume. This code is easy to select any of the built-in savers located in C:\Windows\System32, but you could enhance it to attach your own screensaver, copy it to System32, and set it as the one to use.


Note: The settings may not take effect until after a reboot


Evaluation:


# Define desired registry settings. Set remediation to match ------

# 1 = On resume display logon screen, 0 = No logon screen on resume
$ssSecure = 1

# Time in seconds
$ssTimeout = 600

# Screensaver used
$saver = "C:\WINDOWS\system32\Ribbons.scr"

#------------------------------------------------------------------

if (!((Get-WmiObject Win32_OperatingSystem).Caption -match "Microsoft Windows 10")) { Exit 0 }

$regPath = 'Control Panel\Desktop'

# Get User details including SID from Get-LocalUser
$users = Get-CimInstance -Class Win32_UserProfile -Filter "Special = $false"

#Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

$nonCompliant = @()

# Loop through the list of users to check each for compliance
foreach ($user in $users) {

# Retrieve SIDs for each user
$sid = $user.SID
$local = $user.LocalPath

# Load Registries for users, if ntuser.dat exists
# this prevents us from attempting to load Administrator and similar accounts
if (Test-Path "$local\ntuser.dat") {

# Load user's ntuser.dat into the registry
& reg load "HKU\$sid" "$local\ntuser.dat" | Out-Null
$properties = Get-ItemProperty -Path "HKU:\$sid\$regpath"

# If any of these values don't match desired state, add the user name to nonCompliant list
if ($properties.ScreenSaverIsSecure -ne $ssSecure `
-or $properties.ScreenSaveTimeOut -ne $ssTimeout `
-or $properties.'SCRNSAVE.EXE' -ne $saver `
-or $properties.ScreenSaveActive -ne 1) {

$nonCompliant += $user
}
}
}

#Clean-up the PSDrive
Remove-PSDrive -Name HKU

#If any users are non-compliant, "Exit 1" to flag remediation. Else "Exit 0" for Compliant
if ($nonCompliant.Count -gt 0) {
Exit 1
} else { Exit 0 }

Remediation:


#Define desired registry settings. Make sure they match evaluation ------

# 1 = On resume display logon screen, 0 = No logon screen on resume
$ssSecure = 1

# Time in seconds
$ssTimeout = 600

# Screensaver used
$saver = "C:\WINDOWS\system32\Ribbons.scr"

#------------------------------------------------------------------------

$regPath = 'Control Panel\Desktop'

# Get User details including SID from Get-LocalUser
$users = Get-CimInstance -Class Win32_UserProfile -Filter "Special = $false"

# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS

foreach ($user in $users) {

#Retrieve SIDs for each user
$sid = $user.SID
$local = $user.LocalPath

# Load Registries for users, if ntuser.dat exists
# this prevents us from attempting to load Administrator and similar accounts
if (Test-Path "$local\ntuser.dat") {

# Load user's ntuser.dat into the registry
& reg load "HKU\$sid" "$local\ntuser.dat"

# Set screensaver values
Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaveActive -Value 1
Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaverIsSecure -Value $($ssSecure)
Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaveTimeOut -Value $($ssTimeout)
Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name SCRNSAVE.EXE -Value $($saver)
}
}

Remove-PSDrive -Name HKU

5 replies

Hello Tony, this assumes the scr has to be in place correct? (meaning remediation can include copy from some source?)


i just turned down a request from 1 user. 😂

Userlevel 5

Hi Felix. As written, it’s assuming you’re selecting from one of the built-in .scr files in Windows. If you have your own .scr, you should be able to upload it to the worklet, change $saver in the evaluation to point to your .scr file (like $saver = “C:\WINDOWS\system32\custom.scr”), and then do something like this in the “# Screensaver used” section of remediation (assume the file name you upload is custom.scr):


$scrFile = “custom.scr”

Copy-Item $scrFile -Destination “C:\WINDOWS\system32”

$saver = “C:\WINDOWS\system32\$scrFile”

copied this and for some reason the timeout is set for 1 minute and resume display is not checked off. Using  Win10 21H1 19043.1348

 

 

Badge

Hi @Tony-Automox -

I want to use the PhotoScreensaver.scr. Can you help, where can i setup the .jpg file after uploading?

Thanks!

Ulyssis

The user interface doesn’t change, however I’ve found that you need to add -Force to the secure setting and timeout setting in order to force it to change, this doesn’t prevent users from changing it subsequently either. 

Reply