Password protect the screen saver If the Password protect the screen saver setting is enabled, then all screen savers are password protected, if it is disabled then password protection cannot be set on any screen saver. Counter Measure: Configure this policy setting to Enabled so that when the other screen saver settings are implemented the risk of a user's desktop session being hijacked by a passerby is reduced. Potential Impact: Users will have to provide their logon credentials when they want to access their locked desktop session.

[enable/disable]

(1) GPO: User ConfigurationAdministrative TemplatesControl PanelPersonalizationPassword protect the screen saver (2) REG: HKEY_USERSSoftwarePoliciesMicrosoftWindowsControl PanelDesktopScreenSaverIsSecure (3) WMI: ###