?
Solved

corky user rights issue.

Posted on 2008-06-19
5
Medium Priority
?
242 Views
Last Modified: 2010-04-21
I have a laptop that is joined to our domain and neither local admins nor domain admins are able to change the wait time for the screen saver.  Where should I check to enable this for users?
0
Comment
Question by:menreeq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 21823547
In Group Policy:

User configuration, Administrative Templates, Control Panel, Display, Screen Saver timeout

That should sort it
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 21823578
Is it set up in Group Policy? Regardless if it is or not, Admins (domain and local) should have this capability.

~coolsportp00
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21823880
You might want to add domain admins to the Local Administrators Group

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 21824579
If the setting is configured via GPO, it will not be configurable at the local desktop even by Administrators/DAs. This is the default behavior of Group Policy Objects, since Authenticated Users (of which Domain Admins/Administrators are a member) have Read and Apply Group Policy permissions to every GPO.

You can control this more granularly by denying the Apply Group Policy perm to Domain Admins, but security group filtering should be used sparingly as it can be difficult to troubleshoot down the line.
0
 

Author Closing Comment

by:menreeq
ID: 31468847
I found the group policy and set it to not apply to the user and domain admins.  thanks for the input.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question