• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

corky user rights issue.

I have a laptop that is joined to our domain and neither local admins nor domain admins are able to change the wait time for the screen saver.  Where should I check to enable this for users?
0
menreeq
Asked:
menreeq
1 Solution
 
Kieran_BurnsCommented:
In Group Policy:

User configuration, Administrative Templates, Control Panel, Display, Screen Saver timeout

That should sort it
0
 
coolsport00Commented:
Is it set up in Group Policy? Regardless if it is or not, Admins (domain and local) should have this capability.

~coolsportp00
0
 
KCTSCommented:
You might want to add domain admins to the Local Administrators Group

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 
LauraEHunterMVPCommented:
If the setting is configured via GPO, it will not be configurable at the local desktop even by Administrators/DAs. This is the default behavior of Group Policy Objects, since Authenticated Users (of which Domain Admins/Administrators are a member) have Read and Apply Group Policy permissions to every GPO.

You can control this more granularly by denying the Apply Group Policy perm to Domain Admins, but security group filtering should be used sparingly as it can be difficult to troubleshoot down the line.
0
 
menreeqAuthor Commented:
I found the group policy and set it to not apply to the user and domain admins.  thanks for the input.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now