During Kevin Sullivan Group Policy session at TechEd 2010 in the USA this year he mentioned an example of a being able to configure group policy to allow users to select whatever screensaver they want except the one called “(None)†(see image below). While this method does not prevent the users from select the (None) from the screensaver options list it will set it back to a screensaver of your choice when the user selects (None) option.
The logic to implement this policy is to test if the SCRNSAVE.EXE registry key exists and if it doesn’t then create the key with the screensaver that you want to enable.
Note: You can also use this tutorial as a guide for applying other group policy preferences settings based on weather a registry key exists or not. A good example you might want to do this for is to test to see if a specific application registry key exists before you apply an application specific registry setting. This helps you keep a cleaner configured SOE by not un-necessarily applying configuration settings.
How to use Group Policy to allow the users to chose any screensaver except (None)
Step 1. Edit a Group Policy Object (GPO) that is targeted to the users accounts you wan to apply this policy
Step 2. Navigate to User Configuration > Preferences > Windows Settings > Registry then from the menu click on Action > New > Registry Item
Step 3. Select “Update†from the Action then type “Control Panel\Desktop†in the Key Path: text field then type “SCRNSAVE.EXE†in the Value Name text field and “C:\Windows\System32\scrnsave.scr†in the Value data: text field.
Step 4. Click on the Common tab and then tick “Item-level targeting†and then click the “Targeting…†button.
Now we will target the screen saver to apply only when the “HKCU\Control Panel\Desktop\SCRNSAVE.EXE†registry key does NOT exist as this means the screen saver has been configured to “(None)â€.
Step 5. Click on “New Item†then the “Registry Match†option.
Step 6. Select the “Value exists†Match type†then type “Control Panel\Desktop†in the key path field and then type “SCRNSAVE.EXE†in the value name field
Step 7. Click back on the targeting setting in the top pane and press “F8†which changes the option to “does not exist†then click OK and OK.
This policy will now apply the blank screen saver on the next group policy refresh to all targeted users whenever they select the “(None)â€.
Below is a table that shows the screensaver set to “(None)†(before column) and then the after a policy refresh the screensaver is configured as “Blank†(After column). Then the users has selected the “Photos†(Custom column) screensaver and the policy is refreshed again however this time there is no change as the screensaver is configured with a value so it is not set back to “Blankâ€.
| Before | After | Custom |
 |
 |
 |
Blog Post: How to use Group Policy to allow the users to chose any screensaver except (None) http://bit.ly/an09YJ
RT @grouppolicy_biz: Blog Post: How to use Group Policy to allow the users to chose any screensaver except (None) http://bit.ly/an09YJ
RT @grouppolicy_biz How to use Group Policy to allow the users to chose any screensaver except (None) http://bit.ly/aEBGZF < nice use of GPP
“@astorrs: RT @grouppolicy_biz How to use Group Policy to allow users to chose any screensaver except (None) http://bit.ly/aEBGZF†//#citrt
Will this solution work on Server 2003 or is 2008 required?
I have not tested it but i believe that this will also work on Windows XP/Server 2003 and above…
Thanks, we will try it.
In the office I dont allow users mess with anything. I installed Deep Freeze and viruses, spywares and many problems that were caused by the users are simply GONE! and I’m very happy about it.
Thanks for these instructions. We want to lock down but not be too draconian about it!