Skip to main content

Set Windows 10 Screensaver

Tony-Automox

Set your screensaver, the timeout, and whether prompted for a login upon resume. This code is easy to select any of the built-in savers located in C:\Windows\System32, but you could enhance it to attach your own screensaver, copy it to System32, and set it as the one to use.

Note: The settings may not take effect until after a reboot

Evaluation:

# Define desired registry settings. Set remediation to match ------

# 1 = On resume display logon screen, 0 = No logon screen on resume
$ssSecure = 1

# Time in seconds
$ssTimeout = 600

# Screensaver used
$saver = "C:\WINDOWS\system32\Ribbons.scr"

#------------------------------------------------------------------

if (!((Get-WmiObject Win32_OperatingSystem).Caption -match "Microsoft Windows 10")) { Exit 0 }

$regPath = 'Control Panel\Desktop'

# Get User details including SID from Get-LocalUser
$users = Get-CimInstance -Class Win32_UserProfile -Filter "Special = $false"

#Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null

$nonCompliant = @()

# Loop through the list of users to check each for compliance
foreach ($user in $users) {
    
    # Retrieve SIDs for each user
    $sid = $user.SID
    $local = $user.LocalPath
    
    # Load Registries for users, if ntuser.dat exists
    # this prevents us from attempting to load Administrator and similar accounts
    if (Test-Path "$local\ntuser.dat") {
    
        # Load user's ntuser.dat into the registry
        & reg load "HKU\$sid" "$local\ntuser.dat" | Out-Null
        $properties = Get-ItemProperty -Path "HKU:\$sid\$regpath"
        
        # If any of these values don't match desired state, add the user name to nonCompliant list
        if ($properties.ScreenSaverIsSecure -ne $ssSecure `
            -or $properties.ScreenSaveTimeOut -ne $ssTimeout `
            -or $properties.'SCRNSAVE.EXE' -ne $saver `
            -or $properties.ScreenSaveActive -ne 1) {
            
            $nonCompliant += $user
        }
    }
}

#Clean-up the PSDrive
Remove-PSDrive -Name HKU

#If any users are non-compliant, "Exit 1" to flag remediation. Else "Exit 0" for Compliant
if ($nonCompliant.Count -gt 0) {
    Exit 1
} else { Exit 0 }

Remediation:

#Define desired registry settings. Make sure they match evaluation ------

# 1 = On resume display logon screen, 0 = No logon screen on resume
$ssSecure = 1

# Time in seconds
$ssTimeout = 600

# Screensaver used
$saver = "C:\WINDOWS\system32\Ribbons.scr"

#------------------------------------------------------------------------

$regPath = 'Control Panel\Desktop'

# Get User details including SID from Get-LocalUser
$users = Get-CimInstance -Class Win32_UserProfile -Filter "Special = $false"

# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS

foreach ($user in $users) {

    #Retrieve SIDs for each user
    $sid = $user.SID
    $local = $user.LocalPath

    # Load Registries for users, if ntuser.dat exists
    # this prevents us from attempting to load Administrator and similar accounts
    if (Test-Path "$local\ntuser.dat") {

        # Load user's ntuser.dat into the registry
        & reg load "HKU\$sid" "$local\ntuser.dat"

        # Set screensaver values
        Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaveActive -Value 1
        Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaverIsSecure -Value $($ssSecure)
        Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name ScreenSaveTimeOut -Value $($ssTimeout)
        Set-ItemProperty -Path "HKU:\$sid\$regPath" -Name SCRNSAVE.EXE -Value $($saver)
    }
}

Remove-PSDrive -Name HKU

    5 replies

    felix.goh
    • felix.goh
    • Novice
    • 9 replies
    • April 6, 2021

    Hello Tony, this assumes the scr has to be in place correct? (meaning remediation can include copy from some source?)

    i just turned down a request from 1 user. 😂

    Tony-Automox
    • Tony-Automox
    • Author
    • Automox Employee
    • 35 replies
    • April 6, 2021

    Hi Felix. As written, it’s assuming you’re selecting from one of the built-in .scr files in Windows. If you have your own .scr, you should be able to upload it to the worklet, change $saver in the evaluation to point to your .scr file (like $saver = “C:\WINDOWS\system32\custom.scr”), and then do something like this in the “# Screensaver used” section of remediation (assume the file name you upload is custom.scr):

    $scrFile = “custom.scr”
    Copy-Item $scrFile -Destination “C:\WINDOWS\system32”
    $saver = “C:\WINDOWS\system32\$scrFile”

    Nic-Automox
    1 person likes this
    • Nic-Automox
      Nic-Automox
    S
    • ssukhai
    • Rookie
    • 1 reply
    • December 8, 2021

    copied this and for some reason the timeout is set for 1 minute and resume display is not checked off. Using  Win10 21H1 19043.1348

     

     

    U
    Forum|alt.badge.img
    • uapilado
    • Novice
    • 28 replies
    • October 3, 2022

    Hi @Tony-Automox -

    I want to use the PhotoScreensaver.scr. Can you help, where can i setup the .jpg file after uploading?

    Thanks!

    Ulyssis

    D

    The user interface doesn’t change, however I’ve found that you need to add -Force to the secure setting and timeout setting in order to force it to change, this doesn’t prevent users from changing it subsequently either. 

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings