Only works on Windows 7 and prior.

Evaluation code:

#REQUIRES -Version 2.0

<#

.SYNOPSIS

    This script tests to see if the Screen saver remediation script has been run.

.DESCRIPTION

    This script checks the screen saver reg keys of the current user, if the remediation script has

    been run, these value will match. If the values are different then those in in this script, it will

    return a 1. if the settings match it will return a 0.

.NOTES

    File Name       :ScreenSaverSettings.ps1

    Author          :Automox

    Prerequisite    :PowerShell V2 over win7 and upper

#>

#Handle Exit Codes:

trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }



function ScreenSaverTest {

    #############These settings must match those in the Remediation file#######################

    $ScreenSaveActive = 0

    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr

    $ScreenSaverIsSecure= 0 #password needed on wake up

    $ScreenSaveTimeOut= 30 #seconds to activate screen saver

    ###########################################################################################



    $val1=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveActive | out-string

    $val2=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty SCRNSAVE.EXE | out-string

    $val3=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaverIsSecure | out-string

    $val4=Get-ItemProperty 'HKCU:\Control Panel\Desktop\' |Select-Object -ExpandProperty ScreenSaveTimeOut | out-string



    if ($ScreenSaveActive -eq $val1.Trim() -and $SCRNSAVEEXE -eq $val2.Trim() -and $ScreenSaverIsSecure -eq $val3 -and $ScreenSaveTimeOut -eq $val4) {

        return 0

    } else {

        return 1

    }

}

Remediation code:

#REQUIRES -Version 2.0

<#

.SYNOPSIS

    This script allows an admin to edit settings relating to Screensavers and Lockscreens.

.DESCRIPTION

    This script finds every user on a windows computer and changed their screensavers to the supplied settings.

    These changes take place immediatly.

    If the "ScreenSaveActive" setting is set to 0 but the "ScreenSaverIsSecure" setting is set to 1

    The system will display the lockscreen after the time specified in the ScreenSaveTimeOut setting.

.NOTES

    File Name       :ScreenSaverSettings.ps1

    Author          :Automox

    Prerequisite    :PowerShell V2 over win7 and upper

#>

#Handle Exit Codes:

trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }



function ScreenSaverSettings{

    #############Change the settings in this block#######################

    $ScreenSaveActive = 0

    $SCRNSAVEEXE="C:\Windows\system32\Bubbles.scr" #Which screen saver to use. EX: C:\Windows\system32\Bubbles.scr

    $ScreenSaverIsSecure= 0 #password needed on wake up

    $ScreenSaveTimeOut= 30 #seconds to activate screen saver

    #####################################################################



    #Get Necessary Info:

    $UID_Regex = "^S-\d-\d+-(\d+-){1,14}\d+$"

    $UserInfo = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $UID_Regex} | Select  @{name="HKEY";expression={"$($_.ProfileImagePath)\ntuser.dat"}},@{name="User";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}},@{name="UID";expression={$_.PSChildName}}

    $LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $UID_Regex} | Select @{name="UID";expression={$_.PSChildName}}

    $UnloadedHives = Compare-Object $UserInfo.UID $LoadedHives.UID | Select @{name="UID";expression={$_.InputObject}}, HKEY, User



    #Do Actions on every user:

    Foreach ($item in $UserInfo) {

        IF ($item.UID -in $UnloadedHives.UID) {

            reg load HKU\$($Item.UID) $($Item.HKEY) | Out-Null

        }

        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveActive" -Value $ScreenSaveActive

        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaverIsSecure" -Value $ScreenSaverIsSecure

        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "ScreenSaveTimeOut" -Value $ScreenSaveTimeOut

        Set-ItemProperty registry::HKEY_USERS\$($Item.UID)\'Control Panel'\Desktop\ -Name "SCRNSAVE.EXE" -Value $SCRNSAVEEXE

        # cleanup

        IF ($item.UID -in $UnloadedHives.UID) {

            [gc]::Collect()

            reg unload HKU\$($Item.UID) | Out-Null

        }

    }

}



ScreenSaverSettings