Force users to use winexit.scr

Posted on 2005-04-02
Medium Priority
Last Modified: 2013-12-04
Hello, I need to force users to use winexit.scr. I think that I just need to make two registry changes.

1. I need to be able to specify winexit.scr as the default screensaver for all users who log on. What is the registry key that I need to change that will do this?

2. I then need to restrict users access to the screensaver tab under Display Properties so that they cannot change to a different screensaver. What is the registry key that I need to change for this?

EDIT: These boxes are running Windows 2000 sp4. We are on an NT 4.0 domain.
Question by:xy8088
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
LVL 85

Expert Comment

ID: 13691497
You can do that with a system policy and a customized template:


CATEGORY !!AdditionalSettings

  CATEGORY !!Desktop

    POLICY !!ScreenSaver
      KEYNAME "Software\Policies\Microsoft\Windows\Control Panel\Desktop"
      PART !!Activated CHECKBOX
        VALUENAME "ScreenSaveActive"
        VALUEON "1"
        VALUEOFF "0"
      END PART
      PART !!Password CHECKBOX
        VALUENAME "ScreenSaverISSecure"
        VALUEON "1"
        VALUEOFF "0"
      END PART
        MIN 0
        MAX 599940
        SPIN 60
        VALUENAME "ScreenSaveTimeout"
        DEFAULT "900"
      END PART
      PART !!ScreensaverExe TEXT END PART
        DEFAULT "C:\WinNT\System32\winexit.scr"
        SUGGESTIONS "C:\WinNT\System32\winexit.scr"
      END PART
    END POLICY ; !!Screensaver

  END CATEGORY ; !!Desktop

END CATEGORY ; !!AdditionalSettings

AdditionalSettings=Additional settings
ScreenSaver=Screen saver
Activated=Activate screen saver
Password=Password protected
Time=Time (in seconds):
ScreensaverExe=Path and file name:

Guide to MS Windows NT 4.0 Profiles and Policies

You probably don't need this article; by default, a W2k machine that's a member of an NT4 domain will process the NTConfig.pol in the netlogon folder the same way an NT4 machine would do it:
Group Policies for Windows 2000 Professional Clients in Windows NT 4.0 Domain or Workgroups

Author Comment

ID: 13693631
I'm not 100% sure that I understand but from quickly scanning over the provided links it looks like I would need access to the server to get that to work. Let me take a second to better explain the situation that I am in:

I only have local admin access to these machines, I have no access to the server. Also we will be changing from NT to 2003 server pretty soon. Those is the main reasons why I was just looking for a simple registry edit that can do what I need.

Is there a way to use the solution that you gave just on the local machine somehow?
LVL 18

Accepted Solution

luv2smile earned 900 total points
ID: 13696872
If you want to do it locally...then just use local group policy

start - run- type:     gpedit.msc

Then go under:

user config- admin templates- control panel- display:

screensaver and screensaver executable name and password protect

Also you can choose "remove display in control panel" and this will prevent them from changing the screensaver.

Note: Any changes you make locally will affect ALL users on the comptuer including the local admin. You can exclude accounts like the local admin by using security filtering to block them from recieving the policy.

Once you go to 2003 server, the best thing will be to discuss this with your network admin and have them setup a domain group policy for you.
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.


Author Comment

ID: 13701431
Thanks luv2smile. Your solution looks good. But when I try to implement it this happens:

I have it set so that winexit.scr launches after 15 minutes of user inactivity. The problem is that after 15 minutes of user inactivity an error message pops up saying "Error encountered while creating registry key. Make sure you have Set Value and Create Subkey permissions." Then when you press "OK" the error message dissappears and winexit.scr starts.

Author Comment

ID: 13702479
Apparantly in order for non-administrators to be able to use winexit.scr, you have to add "Set Value" and "Create Subkey" permissions for the group Everyone on the registry key: HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion. Well I did that and I still get the same error message. So just for the hell of it I tried the whole thing again from scratch but instead of using winexit.scr I used logon.scr and it works fine. So for some reason winexit.scr is causing me headaches now...


Author Comment

ID: 13702850
Figured it out. The correct key that needs to be modified is:
And now everything is working as it should.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month8 days, 17 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question