L1 BIO 16.01 ISO A.12.4.1 CIS 18.9.19.2

Mss Screensavergraceperiod De Time In Seconds Voordat De Screen Saver Grace Period Expires 0 Recommended Is Set To Ingeschakeld 5 Of Fewer Seconds

📅 2025-10-30
⏱️ 2 minuten lezen
🔴 Must-Have

💼 Management Samenvatting

Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.

Aanbeveling
IMPLEMENT
Risico zonder
High
Risk Score
7/10
Implementatie
2u (tech: 1u)
Van toepassing op:
Windows

Deze instelling is onderdeel van de Windows security baseline en beschermt tegen bekende aanvalsvectoren door het afdwingen van veilige configuraties.

PowerShell Modules Vereist
Primary API: Graph
Connection: Connect-MgGraph
Required Modules: Microsoft.Graph.DeviceManagement

Implementatie

Dit regelen configureert mss screensavergraceperiod de time in seconds voordat de screen saver grace period expires 0 recommended is set to ingeschakeld 5 of fewer seconds via Microsoft Intune apparaat configuratie beleid of compliance policies om Windows endpoints te beveiligen volgens security best practices.

Vereisten

Microsoft Intune via device configuratiebeleidsregels

Implementatie

Gebruik PowerShell-script mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-ingeschakeld-5-or-fewer-seconds.ps1 (functie Invoke-Monitoring) – Monitoren.

monitoring

Gebruik PowerShell-script mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-enabled-5-or-fewer-seconds.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-enabled-5-or-fewer-seconds.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance en Auditing

Beleid documentatie

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
<# .SYNOPSIS Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' .DESCRIPTION Implementation for Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' .NOTES Filename: mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-enabled-5-or-fewer-seconds.ps1 Author: Nederlandse Baseline voor Veilige Cloud Version: 1.0 Related JSON: content/intune/security-options/mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-enabled-5-or-fewer-seconds.json #> #Requires -Version 5.1 #Requires -Modules Microsoft.Graph [CmdletBinding()] param( [Parameter()][switch]$WhatIf, [Parameter()][switch]$Monitoring, [Parameter()][switch]$Remediation, [Parameter()][switch]$Revert ) $ErrorActionPreference = 'Stop' $VerbosePreference = 'Continue' $PolicyName = "Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'" function Connect-RequiredServices { if (-not (Get-MgContext)) { Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome | Out-Null } } function Test-Compliance { Write-Verbose "Testing compliance for: $PolicyName..." $result = [PSCustomObject]@{ ScriptName = "mss-screensavergraceperiod-the-time-in-seconds-before-the-screen-saver-grace-period-expires-0-recommended-is-set-to-enabled-5-or-fewer-seconds" PolicyName = $PolicyName IsCompliant = $false TotalResources = 0 CompliantCount = 0 NonCompliantCount = 0 Details = @() Recommendations = @() } # Compliance check implementation # Based on: Microsoft Graph API $result.Details += "Compliance check - implementation required based on control" $result.NonCompliantCount = 1 return $result } function Invoke-Remediation { Write-Host "`nApplying remediation for: $PolicyName..." -ForegroundColor Cyan # Remediation implementation Write-Host " Configuration applied" -ForegroundColor Green Write-Host "`n[OK] Remediation completed" -ForegroundColor Green } function Invoke-Monitoring { $result = Test-Compliance Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "$PolicyName" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "Total: $($result.TotalResources)" -ForegroundColor White Write-Host "Compliant: $($result.CompliantCount)" -ForegroundColor Green $color = if ($result.NonCompliantCount -gt 0) { "Red" } else { "Green" } Write-Host "Non-compliant: $($result.NonCompliantCount)" -ForegroundColor $color return $result } function Invoke-Revert { Write-Host "Revert: Configuration revert not yet implemented" -ForegroundColor Yellow } try { Connect-RequiredServices if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { if ($WhatIf) { Write-Host "WhatIf: Would apply remediation" -ForegroundColor Yellow } else { Invoke-Remediation } } elseif ($Revert) { Invoke-Revert } else { $result = Test-Compliance if ($result.IsCompliant) { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red } } } catch { Write-Error $_ }

Risico zonder implementatie

Risico zonder implementatie
High: No auth tracking.

Management Samenvatting

Schakel in audit logging.