Skip to main content
All CollectionsConfiguring your Computer
Auto-Lock your Workstation with Screensaver
Auto-Lock your Workstation with Screensaver

Configuring your workstation to auto-lock (and require a password) when the screensaver activates

Ashley Hyman avatar
Written by Ashley Hyman
Updated this week

Leaving your workstation unattended poses a security risk. Configuring an auto-locking screen saver is essential to prevent unauthorized access and ensure compliance. Follow this guide to pass the Screensaver Lock Required on Employee Computers.

  • Note: Your company may have specific auto-lock guidance. Verify with your IT and compliance teams.

To pass the compliance check, your screen saver and require a password must activate within 15 minutes of inactivity. For example, you can set the screensaver to start after 10 minutes of inactivity and then require a password 5 minutes later, ensuring the total idle time does not exceed 15 minutes. This guide will cover various methods to complete this configuration.

Other options are available for different systems, including managed policies on macOS and Group Policy (GPO) on Windows.

Prerequisites

General Requirement: It is recommended to use the latest or current version of your operating system to ensure compatibility and security.

  • For macOS, upgrade to macOS Sonoma 14.4.1 or above.

    • Note: We support macOS versions 13.x.x and 14.x.x, but some settings may not be available in versions prior to macOS 13.

  • For Windows, upgrade to Windows 11.

    • Note: Windows 10 and 11 are both supported, but the instructions below are based on Windows 11, which has a new control panel structure. Some settings may be split between the new Settings interface and the old Control Panel.

  • For Ubuntu, upgrade to Ubuntu 22 + GNOME.

Compliance Note

To ensure continued compliance, follow the specific steps outlined in this document. Failure to complete these steps will result in failing test: Screensaver Lock Required on Employee Computers for your personnel.

Policy Enforcement

Managed policies (device policies) may be used to enforce any of the settings listed below.

Configure your macOS

Note: You can choose between screen settings or display settings.

To pass with screen settings:

  1. Navigate to Lock Screen using Spotlight or System Preferences.

  2. Set Start Screen Saver when inactive to a value less than or equal to 15 minutes.

  3. Set Require password after screen saver begins or display is turned off to Immediately.

To pass with display settings (both battery and power adapter must pass):

  1. Navigate to Lock Screen using Spotlight or System Preferences.

  2. Set Require password after screen saver begins or display is turned off to Immediately.

  3. Set Turn display off on battery when inactive to a value less than or equal to 15 minutes.

  4. Set Turn display off on power adapter when inactive to a value less than or equal to 15 minutes.

Configure your Windows

Microsoft’s Group Policy (GPO) can be used to enforce any of the below settings with group policies.

To pass with screen settings:

  1. Navigate to Screen saver settings through the Start menu or Control Panel.

  2. Select any Screen Saver other than (None).

  3. Set Wait to 15 minutes or less.

To pass with Sleep Settings (both battery (DC) and power adapter (AC) must pass):

  1. Open Settings.

  2. Go to System and then select Power & sleep.

  3. Select Screen and sleep for the active preferred power profile.

  4. Set When plugged in, put my device to sleep after to a value less than or equal to 15 minutes.

  5. Set When on battery power, put my device to sleep after to a value less than or equal to 15 minutes.

  6. Select Accounts and then Sign-in options.

  7. Under Additional settings, set If you've been away, when should Windows require you to sign in again? to When PC wakes up from sleep.

To pass with Policy Override:

When the Inactivity limit group policy override is set after a specified idle time, all other settings are ignored. Ensure the idle time value is set to 15 minutes or less.

Configure your Ubuntu

To pass with screen settings:

  1. Navigate to Settings → Privacy → Screen.

  2. Set Blank Screen Delay to a value less than or equal to 15 minutes.

  3. Toggle Automatic Screen Lock to ON.

  4. Set Automatic Screen Lock Delay to Screen Turns Off.

To pass with Suspend lock (both battery (DC) and power adapter (AC)

  1. Navigate to the Power panel in Activities overview.

  2. Set the Automatic Suspend switch to ON.

  3. Set On Battery Power switch to On and Delay to a value less than or equal to 15 minutes.

  4. Set Plugged In switch to ON and Delay to a value less than or equal to 15 minutes.

Did this answer your question?