Solved

corky user rights issue.

Posted on 2008-06-19
5
216 Views
Last Modified: 2010-04-21
I have a laptop that is joined to our domain and neither local admins nor domain admins are able to change the wait time for the screen saver.  Where should I check to enable this for users?
0
Comment
Question by:menreeq
5 Comments
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 21823547
In Group Policy:

User configuration, Administrative Templates, Control Panel, Display, Screen Saver timeout

That should sort it
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 21823578
Is it set up in Group Policy? Regardless if it is or not, Admins (domain and local) should have this capability.

~coolsportp00
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21823880
You might want to add domain admins to the Local Administrators Group

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21824579
If the setting is configured via GPO, it will not be configurable at the local desktop even by Administrators/DAs. This is the default behavior of Group Policy Objects, since Authenticated Users (of which Domain Admins/Administrators are a member) have Read and Apply Group Policy permissions to every GPO.

You can control this more granularly by denying the Apply Group Policy perm to Domain Admins, but security group filtering should be used sparingly as it can be difficult to troubleshoot down the line.
0
 

Author Closing Comment

by:menreeq
ID: 31468847
I found the group policy and set it to not apply to the user and domain admins.  thanks for the input.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question