Problem with Group Policy "Screen Saver Executable Name"

Hi

Windows 2003 server domain with XP workstations.

I'm using the Group Policy Editor to apply the Winexit.scr screensaver, so that the domain user is automatically logged off the workstation after a certain period of inactivity. I made the necessary changes to the winexit.scr, then put this file in a share on the fileserver, and pointed the Screen Saver Executable Name GPO to it.

So far so good.

Problem now is that the user doesn't have access to the registry, so when the GPO first tries to implement the screensaver & settings, the user gets an error message:

Error Encountered while creating registry key. Make sure you have Set Value and Create SubKey permissions.

So there are some permissions I need to set in the registry for each user. What's the easiest way to centrally, automatically do that?

Thanks
Jason210 Asked:

Sembee Commented:
The easiest way I have found to deploy this is two steps...

1. Copy the screensaver to the relevant location using a login script.
2. Then set the GP using just the executable name.

By copying across with the script it runs in a different context and has the permissions to put the file in the right location.

Simon.

Jason210 (Author) Commented:
So I need to copy it to each machine? But that only needs to be done once....

And in (2) you mean I omit the path completely?

Sembee Commented:
Yes - copy to each machine. If you are clever with login scripts then you can get it to detect that the file is already there and not try and copy it each time.
And I do mean remove the path completely. Test it with one of the default screensavers first if you want to be sure.

Simon.

Jason210 (Author) Commented:
Ok, thanks. So now I need a good script....


points increased ;-)

Sembee Commented:

Jason210 (Author) Commented:
Thanks.

Slight modification seemed to work. I tagged this on to the end of the logon script:

if exist "c:\WINDOWS\system32\winexit.scr" goto yes
copy \\servername\Screensaver$\winexit.scr c:\WINDOWS\system32

:yes

Jason210 (Author) Commented:
Having deployed the winexit file, and changed the GP using just the executable name, I tested it out, and still get this registry error message.

I have made a GP earlier that prevents users from editing the registry - could it be the cause?

Jason210 (Author) Commented:
Apparently this particular screen saver doesn't work for ordinary users.

http://support.microsoft.com/?kbid=156677

I need to go in and change the registry key permissions.

Manually, this is a no-goer, but I could run a special one-time only script to do it. Apparently, I need to use some software called SubInACL.exe

So, I'm closing this question on a B and posting a new one on how to use this SubInACL.exe in a script to change the registry settings.

Many thanks
Jason