Set the default forced screen saver in Group Policy – Logon.scr in Windows 7

This article explains how to set a default screen saver with settings that will be compatible with changes in Windows 7 and with your existing Windows XP and Vista clients.

Kyle Beckman By Kyle Beckman - Mon, October 18, 2010 - 11 comments

Kyle Beckman works as a systems administrator in Higher Education in the Southeast United States and has 15+ years of systems administration experience. You can follow him on Twitter or his blog,

In my initial testing of Windows 7, I was a little disturbed to find that a default install of Windows 7 Enterprise did not include a default screen saver when a user would log in. I was also a little miffed that logon.scr (known as the “Windows XP” screen saver in Windows XP and “Windows Logo” screen saver in Windows Vista) was also nowhere to be found when I searched the file system.

Windows 7 User Screensaver Configuration 1

If a user logs into Windows 7 and has logon.scr set as a forced screen saver in Group Policy, his default screen saver will be set to (None) and, because it is a Group Policy, the user will be unable to change this setting.

Windows 7 User Screensaver Configuration 2

In many environments, securing logon sessions is very important… especially if you have to deal with HIPAA, FERPA, or any of the other myriad of government regulations (or jumpy Information Security departments) that are out there. If a user were to leave his office with his workstation unlocked and the door wide open, a malicious person would have access to everything that the unwitting user left open: files, applications, e-mail, etc. If you’re still using logon.scr as your default forced screen saver and you’ve started deploying Windows 7, you have users out there without a default screen saver.

So, back to basics: setting a default screen saver with settings that will be compatible with changes in Windows 7 and with your existing Windows XP and Vista clients. First off, start with a Group Policy Object (GPO) that is linked to the OU where your user accounts are located in Active Directory. This can be either a new GPO or an existing GPO that may already have other settings you want applied to all of your users. Next, go to Policy > User Configuration > Administrative Templates > Control Panel > Personalization. Here are the policies you’re looking for:

PolicySetting Option
Enable Screen SaverEnabled
Force Specific Screen SaverEnabledscrnsave.scr
Password Protect Screen SaverEnabled
Screen Saver timeoutEnabledTime set in seconds (900 in the example)

Windows 7 UserScreensaver Group Policy 1 Windows 7 User Screensaver Group Policy 2

From the user’s perspective, the options for setting the screen saver, the wait time, and whether to display the logon screen will be set and grayed out. This policy change will update during a regular Group Policy refresh cycle.

-1+1 (+4 rating, 4 votes)
Your question wasn't answered? Please ask in the new 4sysops forum!

11 Comments- Leave a Reply

  1. avatarbreiti says:

    this works for me perfectly. thank you.

  2. avatardeathtap says:

    Easy instructions, very well written.

    Thanks for this. Now I can make sure that all my co-workers are forced to use the default screensaver…

    Or one that I want them to see (insert evil laughter here).

  3. avatarabland says:

    Thanks for the tip…… It works and hopefully they don’t change things for Windows 8.

  4. avatarpisootegn says:

    Why some my client do not got srceensaver policy ,i have no idea to fix this

    help me plz ,thankyou

  5. Kyle BeckmanKyle Beckman says:

    Have you tried using gpresult in any of the users’ accounts to see if they are getting the policy? I have an article series on troubleshooting Group Policy that may assist you.

  6. avatarpisootegn says:

    thank you ,now trouble have fixed .cause source files .scr are on the same path. i’m try to unshare and share it again then delete old .scr file ,it worked.

    thank you so much ,

  7. avatarMassimo says:

    pisootegn, can you exactly explain how you have solved. Because I have some clients that do not apply theese settings and some that do. (Obviously I tried the Gpresultant first and many gpupdate /force and computer restart)

  8. Kyle BeckmanKyle Beckman says:

    Be mindful that this is a user setting… not a computer setting. If you’re applying this to a computer, nothing is going to happen unless you’re using loopback policy to apply the setting to all users logging into the computer. A gpupdate should be all that is necessary. If you’d like to start a new thread in the Forum, you can attach your gpresult file and we can try to help you there.

  9. avatarMassimo says:

    I noticed that. In fact I tried the same user over many pc in the same OU where the policy is attached. And the policy filter is for “Authenticated Users”. That’s why I can’t explain me

  10. Kyle BeckmanKyle Beckman says:

    Authenticated Users is the default. Like I said, this is a User policy. If you’re attaching it to an OU with computers, it isn’t going to apply to the user unless he’s in that same OU (which I wouldn’t recommend) or you’re using loopback. I really need to see the output of gpresult to see what is going on with your Group Policy config though.

  11. avatarMassimo says:

    Sorry, the computer and the users are in the same OU. We’re doing some test for the productional start in the middle of September. I will produce the Gpresult asap and start the new post

Please share your thoughts in a comment!


Lost your password?