Solved

Problem with Group Policy "Screen Saver Executable Name"

Posted on 2006-06-28
9
610 Views
Last Modified: 2012-06-21
Hi

Windows 2003 server domain with XP workstations.

I'm using the Group Policy Editor to apply the Winexit.scr screensaver, so that the domain user is automatically logged off the workstation after a certain period of inactivity. I made the necessary changes to the winexit.scr, then put this file in a share on the fileserver, and pointed the Screen Saver Executable Name GPO to it.

So far so good.

Problem now is that the user doesn't have access to the registry, so when the GPO first tries to implement the screensaver & settings, the user gets an error message:

Erro Encountered while creating registry key. Make sure you have Set Value and Create SubKey permissions.

So there's some permessions I need to set in the registry for each user. What's the easiest way to centrally, automatically do that?

Thanks
0
Comment
Question by:Jason210
  • 6
  • 3
9 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17004097
The easiest way I have found to deploy this is two steps...

1. Copy the screensaver to the relevant location using a login script.
2. Then set the GP using just the executable name.

By copying across with the script it runs in a different context and has the permissions to put the file in the right location.

Simon.
0
 
LVL 11

Author Comment

by:Jason210
ID: 17004192
So I need to copy it to each machine? But that only needs to be done once....

And in (2) you mean I omit the path completely?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 17004215
Yes - copy to each machine. If you are clever with login scripts then you can get it to detect that the file is already there and not try and copy it each time.
And I do mean remove the path completely. Test it with one of the default screensavers first if you want to be sure.

Simon.
0
 
LVL 11

Author Comment

by:Jason210
ID: 17004245
Ok, thanks. So now i need a good script....


points increased ;-)
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 17004874
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008320
Thanks.

Slight modification seemed to work. I tagged this on to the end of the logon script:

if exist "c:\WINDOWS\system32\winexit.scr" goto yes
copy \\servername\Screensaver$\winexit.scr c:\WINDOWS\system32

:yes
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008491
Having deployed the winexit file, and changed the GP using just the executable name, I tested it out, and still get this registry error message.

I have made a GP earlier that prevents users from editing the registry - could it be the cause?
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008757
Apparently this particular screen saver doesn't work for oridinary users.

http://support.microsoft.com/?kbid=156677

I need to go in and change the registry key permissions.

Manually, this is a no-goer, but I could run a special one-time only script to do it. Apparently, I need to use some software called SubInACL.exe

So, I'm closing this question on a B and posting a new one on how to use this SubInACL.exe in a script to change the resgistry settings.

Many thanks
Jason
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008798
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now