Worklet: Set Screensaver Settings for Windows 7

Only works on Windows 7 and prior.

Evaluation code:

#REQUIRES -Version 2.0
<#
.SYNOPSIS
    This script tests to see if the Screen saver remediation script has been run.
.DESCRIPTION
    This script checks the screen saver reg keys of the current user, if the remediation script has
    been run, these value will match. If the values are different then those in in this script, it will
    return a 1. if the settings match it will return a 0.
.NOTES
    File Name       :ScreenSaverSettings.ps1
    Author          :Automox
    Prerequisite    :PowerShell V2 over win7 and upper
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function ScreenSaverTest {
    #############These settings must match those in the Remediation file#######################
    $ScreenSaveActive = 0
    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr
    $ScreenSaverIsSecure= 0 #password needed on wake up
    $ScreenSaveTimeOut= 30 #seconds to activate screen saver
    ###########################################################################################

    $val1=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveActive | out-string
    $val2=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty SCRNSAVE.EXE | out-string
    $val3=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaverIsSecure | out-string
    $val4=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveTimeOut | out-string

    if ($ScreenSaveActive -eq $val1.Trim() -and $SCRNSAVEEXE -eq $val2.Trim() -and $ScreenSaverIsSecure -eq $val3 -and $ScreenSaveTimeOut -eq $val4) {
        return 0
    } else {
        return 1
    }
}

Remediation code:

#REQUIRES -Version 2.0
<#
.SYNOPSIS
    This script allows an admin to edit settings relating to Screensavers and Lockscreens.
.DESCRIPTION
    This script finds every user on a windows computer and changed their screensavers to the supplied settings.
    These changes take place immediatly.
    If the "ScreenSaveActive" setting is set to 0 but the "ScreenSaverIsSecure" setting is set to 1
    The system will display the lockscreen after the time specified in the ScreenSaveTimeOut setting.
.NOTES
    File Name       :ScreenSaverSettings.ps1
    Author          :Automox
    Prerequisite    :PowerShell V2 over win7 and upper
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function ScreenSaverSettings{
    #############Change the settings in this block#######################
    $ScreenSaveActive = 0
    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr
    $ScreenSaverIsSecure= 0 #password needed on wake up
    $ScreenSaveTimeOut= 30 #seconds to activate screen saver
    #####################################################################

    #Get Necessary Info:
    $UID_Regex = "^S-\d-\d+-(\d+-){1,14}\d+$"
    $UserInfo = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $UID_Regex} | Select  @{name="HKEY";expression={"$($_.ProfileImagePath)\ntuser.dat"}},@{name="User";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}},@{name="UID";expression={$_.PSChildName}}
    $LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $UID_Regex} | Select @{name="UID";expression={$_.PSChildName}}
    $UnloadedHives = Compare-Object $UserInfo.UID $LoadedHives.UID | Select @{name="UID";expression={$_.InputObject}}, HKEY, User

    #Do Actions on every user:
    Foreach ($item in $UserInfo) {
        IF ($item.UID -in $UnloadedHives.UID) {
            reg load HKU\$($Item.UID) $($Item.HKEY) | Out-Null
        }
        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveActive" -Value $ScreenSaveActive
        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaverIsSecure" -Value $ScreenSaverIsSecure
        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveTimeOut" -Value $ScreenSaveTimeOut
        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "SCRNSAVE.EXE" -Value $SCRNSAVEEXE
        # cleanup
        IF ($item.UID -in $UnloadedHives.UID) {
            [gc]::Collect()
            reg unload HKU\$($Item.UID) | Out-Null
        }
    }
}

ScreenSaverSettings