Earlier, we had a quick preview of configuring a screen saver to be enabled and password protected, but many additional display settings commonly appear inside a user experience lockdown policy. Many of those settings are available at User Configuration | Policies | Administrative Templates | Control Panel | Personalization, so let's test some of them out.
I am going to enable a bunch of different settings inside here. The following is a list of the setting names that I am inserting into my policy:
- Prevent changing theme = Enabled
- Enable screensaver = Enabled
- Prevent changing desktop background = Enabled
- Prevent changing screensaver = Enabled
- Prevent changing sounds = Enabled
- Password protect the screensaver = Enabled
- Screensaver timeout = Enabled and set to 300 seconds
Now that all of these settings are configured inside my GPO, I log back into LAPTOP1 as myself and attempt to get in and change some of these Personalization settings. Inside Display settings, I am locked out of a number of different places. The options are grayed out and there is a special message near the top of my screen that says "Some settings are hidden or managed by your organization."
I also told the GPO to block the changing of sounds, so let's take a look at that as well. Typically, if you open the Control Panel and then head into the Sound section, you will have a screen with four tabs inside it. One of those tabs is called Sounds, which is the location where you could normally change and configure which sounds are presented when certain things happen inside Windows. Now that I have issued my GPO settings, which block the changing of sounds for my user account, the Sounds tab doesn't even exist.
While this example does go somewhat against our standard best practice of keeping the number of settings inside each GPO to a minimum, since the settings are all in the same location and are all related to one another, in this case I am willing to make an exception and include all of these settings inside a single GPO. Hopefully, at this point, you are starting to realize, if you didn't already, how much of a centralized management solution Group Policy is going to be for your network!
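To confirm on a client such as LAPTOP1 that the seven settings listed above actually applied, the following added example (not part of the original text) reads the per-user policy registry values behind them and reports any that are missing or different. The registry paths and value names are assumptions based on the stock ControlPanelDisplay.admx template; check them against the ADMX version in your environment, and run the script as the targeted user.

```powershell
# Added example: audit the Personalization lockdown values for the current user.
# Registry locations below are assumptions taken from the stock
# ControlPanelDisplay.admx template, not values stated in the text above.
$polDesktop = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$polPerson  = 'HKCU:\Software\Policies\Microsoft\Windows\Personalization'
$polCurVer  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'

# One entry per setting in the GPO, with the value the policy should write.
$expected = @(
    @{ Setting = 'Prevent changing theme';              Path = "$polCurVer\Explorer";      Name = 'NoThemesTab';            Value = '1' }
    @{ Setting = 'Enable screensaver';                  Path = $polDesktop;                Name = 'ScreenSaveActive';       Value = '1' }
    @{ Setting = 'Prevent changing desktop background'; Path = "$polCurVer\ActiveDesktop"; Name = 'NoChangingWallPaper';    Value = '1' }
    @{ Setting = 'Prevent changing screensaver';        Path = "$polCurVer\System";        Name = 'NoDispScrSavPage';       Value = '1' }
    @{ Setting = 'Prevent changing sounds';             Path = $polPerson;                 Name = 'NoChangingSoundScheme';  Value = '1' }
    @{ Setting = 'Password protect the screensaver';    Path = $polDesktop;                Name = 'ScreenSaverIsSecure';    Value = '1' }
    @{ Setting = 'Screensaver timeout';                 Path = $polDesktop;                Name = 'ScreenSaveTimeOut';      Value = '300' }
)

$report = foreach ($e in $expected) {
    # A missing key or value means the policy never reached this user.
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    # Cast to string so REG_DWORD and REG_SZ values compare the same way.
    $actual = if ($null -ne $item) { [string]$item.($e.Name) } else { $null }

    [pscustomobject]@{
        Setting   = $e.Setting
        Expected  = $e.Value
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Compliant = ($actual -eq $e.Value)
    }
}

$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} of {1} settings are not applied; run 'gpupdate /force' and 'gpresult /r' to check GPO scope." -f $failed.Count, $report.Count)
} else {
    Write-Output 'All Personalization lockdown settings are applied for this user.'
}
```

Of the seven, the password-protect and timeout values are the ones that matter for unattended-workstation exposure, so a `<not set>` on either is worth treating as a finding rather than a cosmetic gap.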