Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1709
  • Last Modified:

Force users to use winexit.scr

Hello, I need to force users to use winexit.scr. I think that I just need to make two registry changes.

1. I need to be able to specify winexit.scr as the default screensaver for all users who log on. What is the registry key that I need to change that will do this?

2. I then need to restrict users access to the screensaver tab under Display Properties so that they cannot change to a different screensaver. What is the registry key that I need to change for this?

EDIT: These boxes are running Windows 2000 sp4. We are on an NT 4.0 domain.
0
xy8088
Asked:
xy8088
  • 4
1 Solution
 
oBdACommented:
You can do that with a system policy and a customized template:

====8<----[WinExit.adm]----
CLASS USER

CATEGORY !!AdditionalSettings

  CATEGORY !!Desktop

    POLICY !!ScreenSaver
      KEYNAME "Software\Policies\Microsoft\Windows\Control Panel\Desktop"
      PART !!Activated CHECKBOX
        VALUENAME "ScreenSaveActive"
        VALUEON "1"
        VALUEOFF "0"
      END PART
      PART !!Password CHECKBOX
        VALUENAME "ScreenSaverISSecure"
        VALUEON "1"
        VALUEOFF "0"
      END PART
      PART !!Time TEXT END PART
      PART " " NUMERIC TXTCONVERT REQUIRED
        MIN 0
        MAX 599940
        SPIN 60
        VALUENAME "ScreenSaveTimeout"
        DEFAULT "900"
      END PART
      PART !!ScreensaverExe TEXT END PART
      PART " " COMBOBOX NOSORT
        VALUENAME "SCRNSAVE.EXE"
        REQUIRED
        DEFAULT "C:\WinNT\System32\winexit.scr"
        SUGGESTIONS "C:\WinNT\System32\winexit.scr"
        END SUGGESTIONS
      END PART
    END POLICY ; !!Screensaver

  END CATEGORY ; !!Desktop

END CATEGORY ; !!AdditionalSettings

[strings]
AdditionalSettings=Additional settings
Desktop=Desktop
ScreenSaver=Screen saver
Activated=Activate screen saver
Password=Password protected
Time=Time (in seconds):
ScreensaverExe=Path and file name:
====8<----[WinExit.adm]----

Guide to MS Windows NT 4.0 Profiles and Policies
http://www.microsoft.com/technet/prodtechnol/winntas/maintain/prof_pol.mspx

You probably don't need this article; by default, a W2k machine that's a member of an NT4 domain will process the NTConfig.pol in the netlogon folder the same way an NT4 machine would do it:
Group Policies for Windows 2000 Professional Clients in Windows NT 4.0 Domain or Workgroups
http://support.microsoft.com/?kbid=274478
0
 
xy8088Author Commented:
I'm not 100% sure that I understand but from quickly scanning over the provided links it looks like I would need access to the server to get that to work. Let me take a second to better explain the situation that I am in:

I only have local admin access to these machines, I have no access to the server. Also we will be changing from NT to 2003 server pretty soon. Those is the main reasons why I was just looking for a simple registry edit that can do what I need.

Is there a way to use the solution that you gave just on the local machine somehow?
0
 
luv2smileCommented:
If you want to do it locally...then just use local group policy

start - run- type:     gpedit.msc

Then go under:

user config- admin templates- control panel- display:

screensaver and screensaver executable name and password protect

Also you can choose "remove display in control panel" and this will prevent them from changing the screensaver.

Note: Any changes you make locally will affect ALL users on the comptuer including the local admin. You can exclude accounts like the local admin by using security filtering to block them from recieving the policy.

Once you go to 2003 server, the best thing will be to discuss this with your network admin and have them setup a domain group policy for you.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
xy8088Author Commented:
Thanks luv2smile. Your solution looks good. But when I try to implement it this happens:

I have it set so that winexit.scr launches after 15 minutes of user inactivity. The problem is that after 15 minutes of user inactivity an error message pops up saying "Error encountered while creating registry key. Make sure you have Set Value and Create Subkey permissions." Then when you press "OK" the error message dissappears and winexit.scr starts.
0
 
xy8088Author Commented:
Apparantly in order for non-administrators to be able to use winexit.scr, you have to add "Set Value" and "Create Subkey" permissions for the group Everyone on the registry key: HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion. Well I did that and I still get the same error message. So just for the hell of it I tried the whole thing again from scratch but instead of using winexit.scr I used logon.scr and it works fine. So for some reason winexit.scr is causing me headaches now...

0
 
xy8088Author Commented:
Figured it out. The correct key that needs to be modified is:
HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\IniFileMappings\Control.ini
And now everything is working as it should.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now