Set the default forced screen saver in Group Policy – Logon.scr in Windows 7

This article explains how to set a default screen saver with settings that will be compatible with changes in Windows 7 and with your existing Windows XP and Vista clients.
Profile photo of Kyle Beckman

Kyle Beckman

Kyle Beckman works as a systems administrator in Atlanta, GA supporting Office 365 in Higher Education. He has 17+ years of systems administration experience. You can follow him on Twitter or his blog,
Profile photo of Kyle Beckman

In my initial testing of Windows 7, I was a little disturbed to find that a default install of Windows 7 Enterprise did not include a default screen saver when a user would log in. I was also a little miffed that logon.scr (known as the “Windows XP” screen saver in Windows XP and “Windows Logo” screen saver in Windows Vista) was also nowhere to be found when I searched the file system.

Windows 7 User Screensaver Configuration 1

If a user logs into Windows 7 and has logon.scr set as a forced screen saver in Group Policy, his default screen saver will be set to (None) and, because it is a Group Policy, the user will be unable to change this setting.

Windows 7 User Screensaver Configuration 2

In many environments, securing logon sessions is very important… especially if you have to deal with HIPAA, FERPA, or any of the other myriad of government regulations (or jumpy Information Security departments) that are out there. If a user were to leave his office with his workstation unlocked and the door wide open, a malicious person would have access to everything that the unwitting user left open: files, applications, e-mail, etc. If you’re still using logon.scr as your default forced screen saver and you’ve started deploying Windows 7, you have users out there without a default screen saver.

So, back to basics: setting a default screen saver with settings that will be compatible with changes in Windows 7 and with your existing Windows XP and Vista clients. First off, start with a Group Policy Object (GPO) that is linked to the OU where your user accounts are located in Active Directory. This can be either a new GPO or an existing GPO that may already have other settings you want applied to all of your users. Next, go to Policy > User Configuration > Administrative Templates > Control Panel > Personalization. Here are the policies you’re looking for:

PolicySetting Option
Enable Screen SaverEnabled
Force Specific Screen SaverEnabledscrnsave.scr
Password Protect Screen SaverEnabled
Screen Saver timeoutEnabledTime set in seconds (900 in the example)

Windows 7 UserScreensaver Group Policy 1 Windows 7 User Screensaver Group Policy 2

From the user’s perspective, the options for setting the screen saver, the wait time, and whether to display the logon screen will be set and grayed out. This policy change will update during a regular Group Policy refresh cycle.

-1+1 (+4 rating, 4 votes)
  1. avatar
    breiti 5 years ago

    this works for me perfectly. thank you.

  2. avatar
    deathtap 5 years ago

    Easy instructions, very well written.

    Thanks for this. Now I can make sure that all my co-workers are forced to use the default screensaver…

    Or one that I want them to see (insert evil laughter here).

  3. avatar
    abland 4 years ago

    Thanks for the tip…… It works and hopefully they don’t change things for Windows 8.

  4. avatar
    pisootegn 1 year ago

    Why some my client do not got srceensaver policy ,i have no idea to fix this

    help me plz ,thankyou

  5. avatar
    pisootegn 12 months ago

    thank you ,now trouble have fixed .cause source files .scr are on the same path. i’m try to unshare and share it again then delete old .scr file ,it worked.

    thank you so much ,

  6. avatar
    Massimo 9 months ago

    pisootegn, can you exactly explain how you have solved. Because I have some clients that do not apply theese settings and some that do. (Obviously I tried the Gpresultant first and many gpupdate /force and computer restart)

    • Profile photo of Kyle Beckman Author
      Kyle Beckman 9 months ago

      Be mindful that this is a user setting… not a computer setting. If you’re applying this to a computer, nothing is going to happen unless you’re using loopback policy to apply the setting to all users logging into the computer. A gpupdate should be all that is necessary. If you’d like to start a new thread in the Forum, you can attach your gpresult file and we can try to help you there.

  7. avatar
    Massimo 9 months ago

    I noticed that. In fact I tried the same user over many pc in the same OU where the policy is attached. And the policy filter is for “Authenticated Users”. That’s why I can’t explain me

    • Profile photo of Kyle Beckman Author
      Kyle Beckman 9 months ago

      Authenticated Users is the default. Like I said, this is a User policy. If you’re attaching it to an OU with computers, it isn’t going to apply to the user unless he’s in that same OU (which I wouldn’t recommend) or you’re using loopback. I really need to see the output of gpresult to see what is going on with your Group Policy config though.

  8. avatar
    Massimo 9 months ago

    Sorry, the computer and the users are in the same OU. We’re doing some test for the productional start in the middle of September. I will produce the Gpresult asap and start the new post

  9. avatar
    Abhishek Jain 1 month ago

    I want Sreensaver time to be extended for some users and that too only for some servers.

    i have  AD 2012 R2


    How to do that..?

    • Profile photo of Kyle Beckman Author
      Kyle Beckman 1 month ago

      AD level won’t matter on this setting. If you’re only wanting it for a specific set of servers, you’ll want to use loopback processing… most likely in Merge mode. Next, you’ll want to create a group that contains all those users. Create a GPO with the timeout you want and set the filtering for that group. Link it to the OU with the precedence set over the other screensaver GPO.

Leave a reply

Your email address will not be published. Required fields are marked *



Please ask IT administration questions in the forum. Any other messages are welcome.

© 4sysops 2006 - 2016

Log in with your credentials


Forgot your details?

Create Account