Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 672
  • Last Modified:

Problem with Group Policy "Screen Saver Executable Name"

Hi

Windows 2003 server domain with XP workstations.

I'm using the Group Policy Editor to apply the Winexit.scr screensaver, so that the domain user is automatically logged off the workstation after a certain period of inactivity. I made the necessary changes to the winexit.scr, then put this file in a share on the fileserver, and pointed the Screen Saver Executable Name GPO to it.

So far so good.

Problem now is that the user doesn't have access to the registry, so when the GPO first tries to implement the screensaver & settings, the user gets an error message:

Erro Encountered while creating registry key. Make sure you have Set Value and Create SubKey permissions.

So there's some permessions I need to set in the registry for each user. What's the easiest way to centrally, automatically do that?

Thanks
0
Jason210
Asked:
Jason210
  • 6
  • 3
3 Solutions
 
SembeeCommented:
The easiest way I have found to deploy this is two steps...

1. Copy the screensaver to the relevant location using a login script.
2. Then set the GP using just the executable name.

By copying across with the script it runs in a different context and has the permissions to put the file in the right location.

Simon.
0
 
Jason210Author Commented:
So I need to copy it to each machine? But that only needs to be done once....

And in (2) you mean I omit the path completely?
0
 
SembeeCommented:
Yes - copy to each machine. If you are clever with login scripts then you can get it to detect that the file is already there and not try and copy it each time.
And I do mean remove the path completely. Test it with one of the default screensavers first if you want to be sure.

Simon.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
Jason210Author Commented:
Ok, thanks. So now i need a good script....


points increased ;-)
0
 
SembeeCommented:
0
 
Jason210Author Commented:
Thanks.

Slight modification seemed to work. I tagged this on to the end of the logon script:

if exist "c:\WINDOWS\system32\winexit.scr" goto yes
copy \\servername\Screensaver$\winexit.scr c:\WINDOWS\system32

:yes
0
 
Jason210Author Commented:
Having deployed the winexit file, and changed the GP using just the executable name, I tested it out, and still get this registry error message.

I have made a GP earlier that prevents users from editing the registry - could it be the cause?
0
 
Jason210Author Commented:
Apparently this particular screen saver doesn't work for oridinary users.

http://support.microsoft.com/?kbid=156677

I need to go in and change the registry key permissions.

Manually, this is a no-goer, but I could run a special one-time only script to do it. Apparently, I need to use some software called SubInACL.exe

So, I'm closing this question on a B and posting a new one on how to use this SubInACL.exe in a script to change the resgistry settings.

Many thanks
Jason
0
 
Jason210Author Commented:
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now