Only works on Windows 7 and prior.

Evaluation code:

#REQUIRES -Version 2.0


<#


.SYNOPSIS


    This script tests to see if the Screen saver remediation script has been run.


.DESCRIPTION


    This script checks the screen saver reg keys of the current user, if the remediation script has


    been run, these value will match. If the values are different then those in in this script, it will


    return a 1. if the settings match it will return a 0.


.NOTES


    File Name       :ScreenSaverSettings.ps1


    Author          :Automox


    Prerequisite    :PowerShell V2 over win7 and upper


#>


#Handle Exit Codes:


trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }





function ScreenSaverTest {


    #############These settings must match those in the Remediation file#######################


    $ScreenSaveActive = 0


    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr


    $ScreenSaverIsSecure= 0 #password needed on wake up


    $ScreenSaveTimeOut= 30 #seconds to activate screen saver


    ###########################################################################################





    $val1=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveActive | out-string


    $val2=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty SCRNSAVE.EXE | out-string


    $val3=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaverIsSecure | out-string


    $val4=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveTimeOut | out-string





    if ($ScreenSaveActive -eq $val1.Trim() -and $SCRNSAVEEXE -eq $val2.Trim() -and $ScreenSaverIsSecure -eq $val3 -and $ScreenSaveTimeOut -eq $val4) {


        return 0


    } else {


        return 1


    }


}

Remediation code:

#REQUIRES -Version 2.0


<#


.SYNOPSIS


    This script allows an admin to edit settings relating to Screensavers and Lockscreens.


.DESCRIPTION


    This script finds every user on a windows computer and changed their screensavers to the supplied settings.


    These changes take place immediatly.


    If the "ScreenSaveActive" setting is set to 0 but the "ScreenSaverIsSecure" setting is set to 1


    The system will display the lockscreen after the time specified in the ScreenSaveTimeOut setting.


.NOTES


    File Name       :ScreenSaverSettings.ps1


    Author          :Automox


    Prerequisite    :PowerShell V2 over win7 and upper


#>


#Handle Exit Codes:


trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }





function ScreenSaverSettings{


    #############Change the settings in this block#######################


    $ScreenSaveActive = 0


    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr


    $ScreenSaverIsSecure= 0 #password needed on wake up


    $ScreenSaveTimeOut= 30 #seconds to activate screen saver


    #####################################################################





    #Get Necessary Info:


    $UID_Regex = "^S-\d-\d+-(\d+-){1,14}\d+$"


    $UserInfo = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $UID_Regex} | Select  @{name="HKEY";expression={"$($_.ProfileImagePath)\ntuser.dat"}},@{name="User";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}},@{name="UID";expression={$_.PSChildName}}


    $LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $UID_Regex} | Select @{name="UID";expression={$_.PSChildName}}


    $UnloadedHives = Compare-Object $UserInfo.UID $LoadedHives.UID | Select @{name="UID";expression={$_.InputObject}}, HKEY, User





    #Do Actions on every user:


    Foreach ($item in $UserInfo) {


        IF ($item.UID -in $UnloadedHives.UID) {


            reg load HKU\$($Item.UID) $($Item.HKEY) | Out-Null


        }


        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveActive" -Value $ScreenSaveActive


        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaverIsSecure" -Value $ScreenSaverIsSecure


        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveTimeOut" -Value $ScreenSaveTimeOut


        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "SCRNSAVE.EXE" -Value $SCRNSAVEEXE


        # cleanup


        IF ($item.UID -in $UnloadedHives.UID) {


            [gc]::Collect()


            reg unload HKU\$($Item.UID) | Out-Null


        }


    }


}





ScreenSaverSettings