Solved

Group Policy question - locking desktops

Posted on 2004-10-13
5
276 Views
Last Modified: 2010-04-19
We have all of our XP pro systems running on a windows 2003 AD domain.  There is a group policy in place that locks the desktop after 10 minutes of inactivity.  I have a few desktops where I want to turn off this feature, but want to keep this policy in place for the rest.  How do I go about this?  I've tried looking around and the Group Policy is applied at the root of the AD so I can't see a way to do an exclude certain systems.  I assume I need to add them to a specific Group and then exclude that group, right?  Please be as verbose as possible in your reply and thanks!

-Patrick
0
Comment
Question by:oltraver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:luv2smile
ID: 12301211
If the policy is the default domain police then it will apply to all computers in the domain. What you need to do is to utilize Organization Unites (OUs) to group the computers the way you want them and then create a new group policy and apply it to the specific OU.

For example....create 2 OUs....one for the computers you want to lock down and one for the computers you don't. Create a policy...you can call it something like "lockdown" and apply it to the OU of the computers you want to lock down.

GPO applies to OUs, not specific users or groups.
0
 

Author Comment

by:oltraver
ID: 12301452
So I need to remove the locking property from the default domain policy first, then just apply it to an OU that I create for the non-locking computers?

If I already have a bunch of OUs defined and populated, do I need to create the locking policy for each of the existing ones that I want locked?  How can idetermine the policies that might ALREADY be applied to the existing OUs?

Sorry I don't know more about this, I inheritied this network form a previous admin.

Thanks!
0
 
LVL 18

Accepted Solution

by:
luv2smile earned 500 total points
ID: 12301584
You can link GPOs to different OUs...see the following article:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebb_gpu_onsl.asp

You can run the Resultant Set of Policy Tool to find out what GPOs are applied in your domain:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/RSPintro.asp
0
 
LVL 11

Expert Comment

by:cfairley
ID: 12304324
In order for policies to apply to an object, the object needs Read access and Apply access.  If you give the object the Deny privilage, it will not apply to that object.

I would add the PCs that I don't want the policy to apply to a security group.  Then open the security tab from the GPO and add the group to the list.  Then give that group the Deny privilage.  The policy will not apply to those PCs.  This is assuming that the settings are in the Computer configuration section of the policy and not the User section.  If you are not using settings from one of the sections, you can disable that part of the policy to speed up processing.  

Thanks,
Chris
0
 

Author Comment

by:oltraver
ID: 12312630
Thanks!  Those links had the last bits of info I needed to pull it all together.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question