Solved

Problem with Group Policy "Screen Saver Executable Name"

Posted on 2006-06-28
9
618 Views
Last Modified: 2012-06-21
Hi

Windows 2003 server domain with XP workstations.

I'm using the Group Policy Editor to apply the Winexit.scr screensaver, so that the domain user is automatically logged off the workstation after a certain period of inactivity. I made the necessary changes to the winexit.scr, then put this file in a share on the fileserver, and pointed the Screen Saver Executable Name GPO to it.

So far so good.

Problem now is that the user doesn't have access to the registry, so when the GPO first tries to implement the screensaver & settings, the user gets an error message:

Erro Encountered while creating registry key. Make sure you have Set Value and Create SubKey permissions.

So there's some permessions I need to set in the registry for each user. What's the easiest way to centrally, automatically do that?

Thanks
0
Comment
Question by:Jason210
  • 6
  • 3
9 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17004097
The easiest way I have found to deploy this is two steps...

1. Copy the screensaver to the relevant location using a login script.
2. Then set the GP using just the executable name.

By copying across with the script it runs in a different context and has the permissions to put the file in the right location.

Simon.
0
 
LVL 11

Author Comment

by:Jason210
ID: 17004192
So I need to copy it to each machine? But that only needs to be done once....

And in (2) you mean I omit the path completely?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 17004215
Yes - copy to each machine. If you are clever with login scripts then you can get it to detect that the file is already there and not try and copy it each time.
And I do mean remove the path completely. Test it with one of the default screensavers first if you want to be sure.

Simon.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 11

Author Comment

by:Jason210
ID: 17004245
Ok, thanks. So now i need a good script....


points increased ;-)
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 17004874
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008320
Thanks.

Slight modification seemed to work. I tagged this on to the end of the logon script:

if exist "c:\WINDOWS\system32\winexit.scr" goto yes
copy \\servername\Screensaver$\winexit.scr c:\WINDOWS\system32

:yes
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008491
Having deployed the winexit file, and changed the GP using just the executable name, I tested it out, and still get this registry error message.

I have made a GP earlier that prevents users from editing the registry - could it be the cause?
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008757
Apparently this particular screen saver doesn't work for oridinary users.

http://support.microsoft.com/?kbid=156677

I need to go in and change the registry key permissions.

Manually, this is a no-goer, but I could run a special one-time only script to do it. Apparently, I need to use some software called SubInACL.exe

So, I'm closing this question on a B and posting a new one on how to use this SubInACL.exe in a script to change the resgistry settings.

Many thanks
Jason
0
 
LVL 11

Author Comment

by:Jason210
ID: 17008798
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question