• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1552
  • Last Modified:

Policy Loopback & Disabling Screensaver settings

Hi,

We have around 30 Multimedia PCs that are used by a variety of Staff. At present we don't enforce any settings for Screensavers or timeouts. We leave it for staff to decide or use the default on their own pc's.

However for the 30 MM pcs i need to have the screensaver & prompt for password disabled because staff keep using the units and walking away leaving it locked.

The 30 MM pcs are in a group called POLICY Screensaver Overide and also sit in there own OU called MM PC's.

I have tried applying two ways of appliying policys to this OU the 1st turning on

User Group Policy loopback processing mode (replace)
in side this policy i also set the screensaver tab to be hidden /disabled password protect/ disabled screensaver.

this didn't work so i tried those settings in a 2nd policy, leaving the loopback on its own, the 2nd policy was like the 1st apllied at the OU level and only to the POLICY Screensaver override group.

A group policy modeling shows the policies are being applied but i can still see the screen saver tab and make changes.

Many thanks in advance for any help.
0
wsctechnical
Asked:
wsctechnical
  • 4
  • 3
  • 2
1 Solution
 
LauraEHunterMVPCommented:
Have you tested this using a non-Domain Administrator account?  If you are logging on using your own DA credentials, by default you will not be subject to the GPO settings configured against this OU, loopback or not.
0
 
kevin_uk05Commented:
The screen saver policy is applied at user level. So if the computers are in their own OU and you apply the restrict screensaver policy here it will not work. You need to apply the restrict screensaver policy against the OU where your users are.

I would suggest this.

Have an OU, (MM OU) and create a policy, making sure it applies first on the OU.
Disable the User Settings part of this Policy
Enable the Loopback setting with Replace in the Computer Settings part of the policy
Create another policy making sure that it follows the Loopback policy
Disable the Computer Settings part of this policy
Configure your screensaver settings in the User Settings part of the policy

This should now work.
0
 
wsctechnicalAuthor Commented:
Hi,

Nope we're using a generic account for MM use.

The account is called whiteboard and just uses the bog standard settings and domain policies.

Thanks
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
LauraEHunterMVPCommented:
kevin_uk05 - your comment is not accurate.  Loopback Processing is specifically designed to apply User Configuration settings to user objects residing elsewhere in the AD structure when those users log onto a particular subset of computers.  By linking a GPO with Loopback Processing enabled to an OU containing computer objects, that GPO will apply to user accounts when they log onto those computers, regardless of where in Active Directory the user objects reside.
0
 
kevin_uk05Commented:
Yes that is what i meant. Sorry i didnt make myself clear the comments you are refering to, i was referencing wsctechnica point when they tried without loopback.
0
 
LauraEHunterMVPCommented:
wcs - let me see if I'm understanding you correctly. Your OU structure (probably simplified) looks something like this:

domain.com
|
|
|-- MMComputersOU
|
|-- UserAccountsOU

You have linked the GPO screensaver settings to the MMComputersOU, and have configured Loopback Processing with the "Replace" option on that GPO.

Your users then log onto the computers within the MMComputersOU, and do not receive the appropriate settings?

Have you modified the permissions on that GPO in any way, or have you left the default setting of "Authenticated Users--> Read & Apply Group Policy"?
0
 
wsctechnicalAuthor Commented:
Hi Kevin,

I see the logic but we're talking about 30 pcs spread around the network with anything between 50-300 different users who may use them plus a generic account for drop in visitors.

The said users are spread arround the AD in relevant OUS for departments etc and as mentioned all also have their own individual pcs.

Could i use your format to make it work for a "group of users" on a "group of pcs"?
Thanks
0
 
wsctechnicalAuthor Commented:
Hi Laura,

The AD model is fairly similar.

I modified it to look at a group containing the computer accounts ie grp Policy Screensaver override. the members are the 30 odd pcs.

Following advice from other threads on EE i removed the authenticated users (wasn't sure at the time), should that be placed back? if so to which policy the loopback or the second with the screensaver settings?

Thanks
0
 
wsctechnicalAuthor Commented:
answered my own question the loopback just applys to a group the second policy with screensaver applies to the autheticated users and its now working.

The thread i read must have misled me.

Thanks
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now