Kaseya Community

agent procedures to enable password protected screen saver on servers only.

  • Has anyone found or created a script that can be used with Agent Procedures to enable a password protected screen saver on servers with a timeout?  GPO is not an option.

     

    thanks

  • Procedure Screen Saver Security.zip

    Here are older procedures I found.  I believe they came from Kaseya.  A quick search says the referenced registry settings still apply to newer OSes.

    Mike

  • Something to note is that these procedures Mike found seem to using the "Current User" registry hive (HKEY_CURRENT_USER) which might be problematic as this hive is only loaded when a console session is logged on.

    To access the offline User registry hives you will need to use more complex scripting to locate user profiles via their SSID (convert username into SSID) and modify the settings under the Users registry hive (HKEY_USERS) per user SSID. You will need to look at something like VBscript or Powershell if you want to enable these settings on all the user accounts as Kaseya's Agent Procedures are not very loop friendly.

    You also want to apply Screen Saver password settings to the ".DEFAULT" (HKEY_USERS\.DEFAULT) registry key as it will take care of any new user profiles that might be generated in the future.

    As the majority of the servers I work on are Domain based GPO is the preferred option in my organization for this type of configuration so I unfortunately have not yet had a need to make a script like this that I can share with you.

  • HardKnoX - just an FYI - the HKEY_USERS\.DEFAULT key is not what you think. It is a common assumption though. To modify settings future profiles, we must load the "Default" NTUSER.DAT file.

    Explanation of .DEFAULT: blogs.msdn.com/.../1786493.aspx

    More info on Default user: blogs.technet.com/.../tip-49-how-do-you-set-default-user-profile-registry-settings.aspx

    This is also scriptable as I'm sure you can imagine.

  • thanks all, I appreciate it.

  • I'm sure I have managed to apply some profile changes (Wallpaper, Screen saver) to the HKEY_USERS\.DEFAULT hive in the past and it worked, however doing a quick google search on the topic other appears to agree that this is not the correct hive.

    You can use the REG LOAD command to mount the Default User Hive or you can use the Profile Manager tool to copy a preconfigured profile.