Skip to content

Windows Security Policy

Last updated: February 15, 2025.

Installation

Windows Editions

Not all Windows editions include important security settings, and upgrading to the Pro or Enterprise edition is necessary.

Additionally, Windows 10 and 11 collect a large amount of information about users. This data may include sensitive information, including passwords. The Windows Enterprise IoT edition allows minimizing this data collection. Therefore, using this edition is recommended.

Changing Windows Edition

Video example
  • Search for powershell in the Windows search bar and press Enter.
  • Copy and paste the following code into the opened window:
irm https://raw.githubusercontent.com/massgravel/massgravel.github.io/refs/heads/main/index.html | iex
  • In the opened window, select the number corresponding to the Change Windows Edition option
  • From the editions list, select the number corresponding to Enterprise or IoTEnterprise (IoTEnterprise is recommended)
  • Confirm your choice by entering the number for the Continue option, then press Enter
  • After the process completes successfully, when the tool asks you to restart your device — restart it.

After restarting, verify the result:

  • Open File Explorer
  • Right-click on This PC
  • Select Properties
  • In the Edition field, you will see the edition you selected

Windows Activation

For Windows activation, you have the following options:

  Purchase an official license

  Use the same tool you used to change the Windows edition (hint: HWID)

If you believe Microsoft treats you as a product from which it can freely extract data whenever it pleases — the moral choice is not that difficult.

Any unofficial activation method may violate Microsoft's terms of service. Just as storing users' personal data on their own servers for their own purposes, without limits and by deceiving users, violates consumer rights.

Installing FOI Security Policy

FOI offers automatic installation of security settings. You can use a simple script that will automatically configure most settings.

  1. Search for powershell in the Windows search field and press Enter.

  2. Type the following command and press Enter:

    irm https://dl.foi.ge/tools/win | iex

  3. In the opened window, enter the number corresponding to the following option and press Enter:

    [1] FOI Usafrtxoebis Politikis Dayeneba

  4. Upon successful installation, you will receive the following message:

Computer Policy update has completed successfully.
User Policy update has completed successfully.

Press any key to continue . . .

Do not close the opened window, you will need it for the next steps.

Verification

After installation is complete, type gpedit.msc in the Windows search field and press Enter.

  1. On the left side of the window, select: Computer Configuration > Administrative Templates > All Settings.
  2. Sort the list by the "State" column.
  3. The list should look approximately like this:

Computer Configuration

In this list, you can view or change all settings applied by FOI Security Policy.

If Disabled/Enabled settings are not visible at the beginning of the list, the installation was not successful.

Applied settings

Below is a list of all settings that will be applied by FOI Security Policy.

Hibernation

FOI Security Policy disables hibernation so that Windows uses S1-S3 or Modern Standby sleep modes. In these modes, when waking from sleep, BitLocker does not require a password. If hibernation is enabled, Windows always requires the BitLocker password when waking from sleep. Although this is more secure, it significantly reduces convenience. Users can enable hibernation themselves if needed.

Enabling hibernation:

Open Powershell and type:

powercfg /h on

OneDrive

SOFTWARE\Microsoft\OneDrive

PreventNetworkTrafficPreUserSignIn (OneDrive network traffic prevention)

  • Enabled (DWORD:1)

Explanation: Restricts OneDrive network activity before user sign-in, increasing privacy.

Windows Explorer

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoDriveTypeAutoRun (Disable AutoRun on all drives)

  • Enabled (DWORD:255)

Explanation: Disables AutoRun on all drive types, reducing the risk of malware spread.

NoAutorun (Disable AutoRun)

  • Enabled (DWORD:1)

Explanation: Disables AutoRun, reducing the risk of malware spread.

Text Input

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput

AllowLinguisticDataCollection (Linguistic data collection permission)

  • Disabled (DWORD:0)

Explanation: Restricts linguistic data collection, protecting user privacy.

Windows Biometrics

SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio\Credential Provider

Domain Accounts (Domain accounts)

  • Enabled (DWORD:1)

Explanation: Enables Biometric Authentication for domain accounts.

Brave Browser

SOFTWARE\Policies\BraveSoftware\Brave

PasswordLeakDetectionEnabled (Password leak detection)

  • Disabled (DWORD:0)

Explanation: Disables password leak detection, increasing privacy.

PasswordManagerEnabled (Password Manager)

  • Disabled (DWORD:0)

Explanation: Disables the browser's built-in password manager. You will use Bitwarden only.

BuiltInDnsClientEnabled (Built-in DNS client)

  • Disabled (DWORD:0)

Explanation: Disables the built-in DNS client, allowing the user to use system DNS services.

BlockThirdPartyCookies (Third-party cookie blocking)

  • Enabled (DWORD:1)

Explanation: Blocks third-party cookies, increasing privacy.

RemoteAccessHostFirewallTraversal (Remote access through Firewall)

  • Disabled (DWORD:0)

Explanation: Restricts remote access through the firewall, reducing the risk of unauthorized access.

RemoteAccessHostAllowRemoteAccessConnections (Allow remote access)

  • Disabled (DWORD:0)

Explanation: Restricts remote access, reducing the risk of unauthorized access.

RemoteAccessHostAllowRemoteSupportConnections (Allow remote support connections)

  • Disabled (DWORD:0)

Explanation: Restricts remote support connections, reducing the risk of unauthorized access.

Chrome Browser

SOFTWARE\Policies\Google\Chrome

PasswordManagerEnabled (Password Manager)

  • Disabled (DWORD:0)

Explanation: Disables the browser's built-in password manager. You will use Bitwarden only.

PasswordLeakDetectionEnabled (Password leak detection)

  • Disabled (DWORD:0)

Explanation: Disables password leak detection, increasing privacy.

BuiltInDnsClientEnabled (Built-in DNS client)

  • Disabled (DWORD:0)

Explanation: Disables the built-in DNS client, allowing the user to use system DNS services.

BlockThirdPartyCookies (Third-party cookie blocking)

  • Enabled (DWORD:1)

Explanation: Blocks third-party cookies, increasing privacy.

RemoteAccessHostFirewallTraversal (Remote access through Firewall)

  • Disabled (DWORD:0)

Explanation: Restricts remote access through the firewall, reducing the risk of unauthorized access.

RemoteAccessHostAllowRemoteAccessConnections (Allow remote access)

  • Disabled (DWORD:0)

Explanation: Restricts remote access, reducing the risk of unauthorized access.

RemoteAccessHostAllowRemoteSupportConnections (Allow remote support connections)

  • Disabled (DWORD:0)

Explanation: Restricts remote support connections, reducing the risk of unauthorized access.

FIDO

SOFTWARE\Policies\Microsoft\FIDO

EnableFIDODeviceLogon (FIDO device login)

  • Enabled (DWORD:1)

Explanation: Allows FIDO devices to be used for system login, increasing security.

BitLocker (FVE)

SOFTWARE\Policies\Microsoft\FVE

UseAdvancedStartup (Advanced startup)

  • Enabled (DWORD:1)

Explanation: Enables advanced startup for BitLocker. The system will require an additional password at startup.

DisableExternalDMAUnderLock (External DMA device restriction)

  • Enabled (DWORD:1) - when Kernel DMA Protection is disabled
  • Disabled (DWORD:0) - when Kernel DMA Protection is enabled

Explanation: When the computer is locked, external devices can use DMA to read system memory where the BitLocker decryption key is stored. In modern Windows systems, Kernel DMA Protection ensures safe use of DMA devices. If the system does not support this or it is disabled, we enable BitLocker DMA protection, which offers similar protection as an alternative.

EnableBDEWithNoTPM (BitLocker usage without TPM)

  • Enabled (DWORD:1)

Explanation: Allows BitLocker to be used without TPM.

UseTPM (TPM only usage)

  • Disabled (DWORD:0)

Explanation: Restricts the use of TPM only for BitLocker.

UseTPMPIN (TPM and PIN usage)

  • Enabled (DWORD:1)

Explanation: Requires the use of PIN together with TPM.

UseTPMKey (TPM and key only usage)

  • Disabled (DWORD:0)

Explanation: Restricts the use of TPM and key only.

UseTPMKeyPIN (TPM, key, and PIN usage)

  • Disabled (DWORD:0)

Explanation: Restricts the use of TPM, key, and PIN only.

UseEnhancedPin (Enhanced PIN usage)

  • Enabled (DWORD:1)

Explanation: Allows the use of enhanced PIN codes.

OSHardwareEncryption (OS hardware encryption)

  • Disabled (DWORD:0)

Explanation: Restricts hardware encryption in favor of software encryption. Hardware encryption has been frequently broken in the past and its security depends on the storage device manufacturer.

OSAllowSoftwareEncryptionFailover (Allow software encryption fallback)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

OSRestrictHardwareEncryptionAlgorithms (Hardware encryption algorithm restriction)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

OSAllowedHardwareEncryptionAlgorithms (Allowed hardware encryption algorithms)

  • Disabled (DELETE)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

OSEncryptionType (OS encryption type)

  • Full encryption (DWORD:1)

Explanation: Encrypts the disk fully, including empty sectors.

RDVHardwareEncryption (Removable drive hardware encryption)

  • Disabled (DWORD:0)

Explanation: Restricts hardware encryption in favor of software encryption. Hardware encryption has been frequently broken in the past and its security depends on the storage device manufacturer.

RDVAllowSoftwareEncryptionFailover (Allow software encryption fallback)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

RDVRestrictHardwareEncryptionAlgorithms (Hardware encryption algorithm restriction)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

RDVAllowedHardwareEncryptionAlgorithms (Allowed hardware encryption algorithms)

  • Disabled (DELETE)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

RDVEncryptionType (Removable drive encryption type)

  • Full encryption (DWORD:1)

Explanation: Encrypts the disk fully, including empty sectors.

RDVPassphrase (Removable drive password)

  • Enabled (DWORD:1)

Explanation: Allows the use of a password for removable drives when TPM is not available.

RDVEnforcePassphrase (Removable drive password enforcement)

  • Enabled (DWORD:1)

Explanation: Requires the use of a password for removable drives.

RDVPassphraseComplexity (Removable drive password complexity)

  • Enabled (DWORD:2)

Explanation: Defines the password complexity level for removable drives.

RDVPassphraseLength (Removable drive password length)

  • Enabled (DWORD:8)

Explanation: Defines the minimum password length for removable drives.

RDVRecovery (Removable drive recovery)

  • Enabled (DWORD:1)

Explanation: Enables recovery options for removable drives.

RDVManageDRA (Removable drive Data Recovery Agent management)

  • Disabled (DWORD:0)

Explanation: Restricts the use of Data Recovery Agent on removable drives.

RDVRecoveryPassword (Removable drive recovery password)

  • Enabled (DWORD:2)

Explanation: Uses a recovery password for removable drives.

RDVRecoveryKey (Removable drive recovery key)

  • Enabled (DWORD:2)

Explanation: Allows the recovery key for removable drives (Auto-unlock). Removable drives will automatically unlock if the system drive (e.g., C) is encrypted.

RDVHideRecoveryPage (Removable drive recovery page hiding)

  • Disabled (DWORD:0)

Explanation: Shows the recovery page for fixed drives.

RDVActiveDirectoryBackup (Removable drive Active Directory backup)

  • Disabled (DWORD:0)

Explanation: Does not use Active Directory backup for removable drives.

RDVActiveDirectoryInfoToStore (Fixed drive Active Directory backup info)

  • Store passwords and keys (DWORD:1)

Explanation: Has no effect because Active Directory backup for removable drives is disabled.

RDVRequireActiveDirectoryBackup (Fixed drive Active Directory backup requirement)

  • Disabled (DWORD:0)

Explanation: Does not require Active Directory backup for removable drives.

OSRecovery (OS recovery)

  • Enabled (DWORD:1)

Explanation: Enables OS recovery options.

OSManageDRA (Data Recovery Agent management)

  • Disabled (DWORD:0)

Explanation: Does not use Data Recovery Agent.

OSRecoveryPassword (Recovery password)

  • Enabled (DWORD:1)

Explanation: Uses a recovery password.

OSRecoveryKey (Recovery key)

  • Disabled (DWORD:0)

Explanation: Does not use a recovery key.

OSHideRecoveryPage (Recovery page hiding)

  • Disabled (DWORD:0)

Explanation: Shows the recovery page.

OSActiveDirectoryBackup (Active Directory backup)

  • Disabled (DWORD:0)

Explanation: Does not use Active Directory backup.

OSActiveDirectoryInfoToStore (Active Directory stored information)

  • Enabled (DWORD:1)

Explanation: Defines what information to store in Active Directory.

OSRequireActiveDirectoryBackup (Active Directory backup requirement)

  • Disabled (DWORD:0)

Explanation: Does not require Active Directory backup.

FDVRecovery (Fixed drive recovery)

  • Enabled (DWORD:1)

Explanation: Enables recovery options for fixed drives.

FDVManageDRA (Fixed drive Data Recovery Agent management)

  • Disabled (DWORD:0)

Explanation: Restricts the use of Data Recovery Agent on removable drives.

FDVRecoveryPassword (Fixed drive recovery password)

  • Enabled (DWORD:2)

Explanation: Uses a recovery password for fixed drives.

FDVRecoveryKey (Fixed drive recovery key)

  • Enabled (DWORD:1)

Explanation: Allows the recovery key for fixed drives (Auto-unlock). Fixed drives (e.g., D) will automatically unlock if the system drive (e.g., C) is encrypted.

FDVHideRecoveryPage (Fixed drive recovery page hiding)

  • Disabled (DWORD:0)

Explanation: Shows the recovery page for fixed drives.

FDVActiveDirectoryBackup (Fixed drive Active Directory backup info)

  • Disabled (DWORD:0)

Explanation: Does not use Active Directory backup for fixed drives.

FDVActiveDirectoryInfoToStore (Fixed drive Active Directory stored info)

  • Enabled (DWORD:1)

Explanation: Defines what information to store in Active Directory for fixed drives.

FDVRequireActiveDirectoryBackup (Fixed drive Active Directory backup requirement)

  • Disabled (DWORD:0)

Explanation: Does not require Active Directory backup for fixed drives.

FDVHardwareEncryption (Fixed drive hardware encryption)

  • Disabled (DWORD:0)

Explanation: Restricts hardware encryption in favor of software encryption. Hardware encryption has been frequently broken in the past and its security depends on the storage device manufacturer.

FDVAllowSoftwareEncryptionFailover (Fixed drive software encryption fallback)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

FDVRestrictHardwareEncryptionAlgorithms (Fixed drive hardware encryption algorithm restriction)

  • Disabled (DWORD:0)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

FDVAllowedHardwareEncryptionAlgorithms (Fixed drive allowed hardware encryption algorithms)

  • Disabled (DELETE)

Explanation: Hardware encryption is disabled, therefore this setting has no effect.

FDVEncryptionType (Fixed drive encryption method)

  • Full encryption (DWORD:1)

Explanation: Encrypts the disk fully, including empty sectors.

EncryptionMethodWithXtsOs (OS encryption method)

  • Enabled (DWORD:7)

Explanation: Defines the encryption method as XTS-AES 256-bit for the operating system.

EncryptionMethodWithXtsFdv (Fixed drive encryption method)

  • Enabled (DWORD:7)

Explanation: Defines the encryption method as XTS-AES 256-bit for fixed drives.

EncryptionMethodWithXtsRdv (Removable drive encryption method)

  • Enabled (DWORD:7)

Explanation: Defines the encryption method as XTS-AES 256-bit for removable drives.

MinimumPIN (Minimum PIN code length)

  • Enabled (DWORD:8)

Explanation: Defines the minimum PIN code length.

OSPassphrase (OS encryption with password)

  • Enabled (DWORD:1)

Explanation: Allows the use of a password for OS encryption when TPM is not available.

OSPassphraseComplexity (OS encryption password complexity)

  • Enabled (DWORD:2)

Explanation: Defines the password complexity level for the operating system.

OSPassphraseLength (OS encryption password length)

  • Enabled (DWORD:8)

Explanation: Defines the minimum password length for the operating system.

OSPassphraseASCIIOnly (OS password ASCII only)

  • Disabled (DWORD:0)

Explanation: Allows the use of non-ASCII characters in the password.

FDVPassphrase (Fixed drive password)

  • Enabled (DWORD:1)

Explanation: Allows the use of a password for fixed drives when TPM is not available.

FDVEnforcePassphrase (Fixed drive password enforcement)

  • Enabled (DWORD:1)

Explanation: Requires the use of a password for fixed drives.

FDVPassphraseComplexity (Fixed drive password complexity)

  • Enabled (DWORD:2)

Explanation: Defines the password complexity level for fixed drives.

FDVPassphraseLength (Fixed drive password length)

  • Enabled (DWORD:8)

Explanation: Defines the minimum password length for fixed drives.

Windows Hello

SOFTWARE\Policies\Microsoft\PassportForWork

RequireSecurityDevice (Security device requirement)

  • Enabled (DWORD:1)

Explanation: Requires the use of a security device (e.g., TPM) for Windows Hello.

SOFTWARE\Policies\Microsoft\PassportForWork\ExcludeSecurityDevices

TPM12 (TPM 1.2 exclusion)

  • Disabled (DWORD:0)

Explanation: Allows the use of TPM 1.2 devices.

SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity

MinimumPINLength (Minimum PIN length)

  • Enabled (DWORD:8)

Explanation: Defines the minimum PIN code length for Windows Hello.

LowercaseLetters (Lowercase letters)

  • Enabled (DWORD:1)

Explanation: Requires the use of letters in PIN codes.

Error Reporting

SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting

DoReport (Report submission)

  • Disabled (DWORD:0)

Explanation: Disables automatic error report submission to Microsoft.

Push to Install

SOFTWARE\Policies\Microsoft\PushToInstall

DisablePushToInstall (Disable Push to Install)

  • Enabled (DWORD:1)

Explanation: Disables Push to Install, restricting automatic application installation.

Windows Customer Experience Improvement Program

SOFTWARE\Policies\Microsoft\SQMClient\Windows

CEIPEnable (Enable CEIP)

  • Disabled (DWORD:0)

Explanation: Disables the Windows Customer Experience Improvement Program.

Windows Cloud Content

SOFTWARE\Policies\Microsoft\Windows\CloudContent

DisableCloudOptimizedContent (Disable cloud-optimized content)

  • Enabled (DWORD:1)

Explanation: Disables cloud-optimized content.

DisableConsumerAccountStateContent (Disable consumer account state content)

  • Enabled (DWORD:1)

Explanation: Disables consumer account state content.

DisableSoftLanding (Disable Soft Landing)

  • Enabled (DWORD:1)

Explanation: Disables Soft Landing, which shows ads on the lock screen.

DisableWindowsConsumerFeatures (Disable Microsoft consumer features)

  • Enabled (DWORD:1)

Explanation: Disables Microsoft consumer features.

Mobile Device Management (MDM)

SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM

DisableRegistration (Disable registration)

  • Enabled (DWORD:1)

Explanation: Disables automatic device registration in the MDM service.

Data Collection

SOFTWARE\Policies\Microsoft\Windows\DataCollection

LimitDiagnosticLogCollection (Diagnostic log collection restriction)

  • Enabled (DWORD:1)

Explanation: Restricts diagnostic log collection.

LimitDumpCollection (Dump file collection restriction)

  • Enabled (DWORD:1)

Explanation: Restricts system dump file collection.

LimitEnhancedDiagnosticDataWindowsAnalytics (Windows Analytics enhanced diagnostic data restriction)

  • Disabled (DWORD:0)

Explanation: Does not restrict Windows Analytics enhanced diagnostic data collection.

DoNotShowFeedbackNotifications (Disable feedback notifications)

  • Enabled (DWORD:1)

Explanation: Disables feedback notifications.

AllowTelemetry (Allow telemetry)

  • Enabled (DWORD:1)

Explanation: Allows minimum telemetry collection.

Windows Explorer

SOFTWARE\Policies\Microsoft\Windows\Explorer

NoAutoplayfornonVolume (Disable AutoPlay for non-volume devices)

  • Enabled (DWORD:1)

Explanation: Disables AutoPlay for non-volume devices (e.g., camera, mobile).

DisableGraphRecentItems (Disable recent files display)

  • Enabled (DWORD:1)

Explanation: Disables the recent files display function (cloud).

OneDrive

SOFTWARE\Policies\Microsoft\Windows\OneDrive

DisableLibrariesDefaultSaveToOneDrive (Disable saving documents to OneDrive)

  • Disabled (DWORD:0)

Explanation: Disables saving documents to OneDrive.

Settings Synchronization

SOFTWARE\Policies\Microsoft\Windows\SettingSync

DisableSettingSync (Disable settings synchronization)

  • Enabled (DWORD:2)

Explanation: Disables settings synchronization between devices and Microsoft account.

DisableSettingSyncUserOverride (Disable user override of settings synchronization)

  • Enabled (DWORD:1)

Explanation: Prevents users from overriding settings synchronization.

System Settings

SOFTWARE\Policies\Microsoft\Windows\System

BlockDomainPicturePassword (Block picture password)

  • Enabled (DWORD:1)

Explanation: Blocks picture password usage for domain accounts.

AllowDomainPINLogon (Allow PIN login)

  • Enabled (DWORD:1)

Explanation: Allows users to use PIN code for account login.

AllowClipboardHistory (Allow clipboard history)

  • Disabled (DWORD:0)

Explanation: Disables clipboard history.

AllowCrossDeviceClipboard (Allow cross-device clipboard)

  • Disabled (DWORD:0)

Explanation: Disables cross-device clipboard synchronization.

NoLocalPasswordResetQuestions (Disable local password recovery questions)

  • Enabled (DWORD:1)

Explanation: Disables local password recovery questions.

EnableActivityFeed (Enable activity feed)

  • Disabled (DWORD:0)

Explanation: Disables the activity feed.

PublishUserActivities (Publish user activities)

  • Disabled (DWORD:0)

Explanation: Disables publishing user activities.

UploadUserActivities (Upload user activities)

  • Disabled (DWORD:0)

Explanation: Disables uploading user activities.

Windows Error Reporting

SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting

Disabled (Disabled)

  • Enabled (DWORD:1)

Explanation: Disables sending Windows error reports to Microsoft.

DontSendAdditionalData (Prohibit sending additional data)

  • Enabled (DWORD:1)

Explanation: Prohibits sending additional data during error reporting.

SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent

DefaultConsent (Default consent)

  • Enabled (DWORD:1)

Explanation: Requires user consent before sending reports.

ConnectedSearchPrivacy (Search privacy)

  • Enabled (DWORD:3)

Explanation: Disables sending user name and location during searches.

ConnectedSearchUseWeb (Use web search)

  • Disabled (DWORD:0)

Explanation: Disables web search in Windows Search.

DNS Client

SOFTWARE\Policies\Microsoft\Windows NT\DNSClient

DoHPolicy (DNS over HTTPS policy)

  • Enabled (DWORD:2)

Explanation: Sets DNS over HTTPS policy. During installation, Cloudflare DNS (1.1.1.1, 1.0.0.1) is automatically configured on all active Ethernet and Wi-Fi adapters, and DNS over HTTPS is enabled using the Windows built-in Cloudflare template.

Firefox Browser

SOFTWARE\Policies\Mozilla\Firefox

PasswordManagerEnabled (Enable Password Manager)

  • Disabled (DWORD:0)

Explanation: Disables the browser's built-in password manager. You will use Bitwarden only.

OfferToSaveLogins (Offer to save authentication credentials)

  • Disabled (DWORD:0)

Explanation: Disables the offer to save authentication credentials.

Control Panel

SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop

ScreenSaveActive (Screen Saver activation)

  • Enabled (SZ:1)

Explanation: Enables Screen Saver so that the user session does not last indefinitely.

ScreenSaverIsSecure (Screen Saver security)

  • Enabled (SZ:1)

Explanation: After Screen Saver activation, requires the user password.

ScreenSaveTimeOut (Inactivity timeout)

  • Enabled (SZ:900)

Explanation: Activates Screen Saver after 15 minutes of user inactivity.

Help