Group Policy Confusion
Posted on 2004-11-08
Over the weekend I tried to apply a group policy setting that would automatically lock the workstations after 10 minutes of idle time. I did this by making the following changes...
I edited the Default Domain Policy on domain.local (On the only DC in the organization)
User Configuration / Administrative Templates / Control Panel / Display
Hide Screen Saver Tab: enabled
Screen Saver: enabled
Screen Saver Executable Name: logon.scr
Password Protect the Screen Saver: enabled
Screen Saver Timeout: enabled
I made the changes yesterday and ran secedit /refreshpolicy USER_POLICY /enforce on the DC
The domain is in mixed mode (used to have win98 clients, but no longer) with only Win2k and WinXP clients. For some reason, some clients act accordingly...the passworded screensaver comes on after 10 minutes. But other clients have weird settings. Like my machine for instance (I have a domain admin account), the screensaver has been changed and the timeout is fine, but it doesn't password protect. The screensaver tab is also missing, which it should.
However another domain admin's pc has it working fine, except his screensaver tab is just greyed out, not missing.
Then I have some clients that even after I run gpupdate on, no settings are applied at all and the user can make all the changes they want to the screen saver.
I need some help diagnosing why I am getting such varied results and how to fix it.