TWCMIL
asked on
Prevent users from bypassing screensaver policy via REGEDIT
We have a GPO that defines screen saver settings for our users, and prevents them from modifying those settings via the Windows GUI. However, some of our users have figured out that they can update the settings to those of their liking via REGEDIT.
We are looking for ways to prevent them from modifying these keys, or if this cannot be prevented, a mechanism to automatically revert the keys back to their original values if they are modified. We'd prefer not to use any third party software to do this. The keys in question are:
[HKEY_CURRENT_USER\Softwar
"ScreenSaverIsSecure"="1"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="Policy.scr
"ScreenSaveTimeOut"="900"
Any suggestions would be appreciated.
We are looking for ways to prevent them from modifying these keys, or if this cannot be prevented, a mechanism to automatically revert the keys back to their original values if they are modified. We'd prefer not to use any third party software to do this. The keys in question are:
[HKEY_CURRENT_USER\Softwar
"ScreenSaverIsSecure"="1"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="Policy.scr
"ScreenSaveTimeOut"="900"
Any suggestions would be appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
also user permissions on the local machine,
Domain user should not be allowed to modify registry settings.
Block it using GPO.
http://www.ehow.com/how_6056513_disable-tools-per-group-policy.html
Block it using GPO.
http://www.ehow.com/how_6056513_disable-tools-per-group-policy.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help, and sorry about the delay. Blocking the reg editing tools will help, but oBdA made a good point about Admin rights -- ultimately that is the issue we need to address.