Solved

corky user rights issue.

Posted on 2008-06-19
5
188 Views
Last Modified: 2010-04-21
I have a laptop that is joined to our domain and neither local admins nor domain admins are able to change the wait time for the screen saver.  Where should I check to enable this for users?
0
Comment
Question by:menreeq
5 Comments
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 21823547
In Group Policy:

User configuration, Administrative Templates, Control Panel, Display, Screen Saver timeout

That should sort it
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 21823578
Is it set up in Group Policy? Regardless if it is or not, Admins (domain and local) should have this capability.

~coolsportp00
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21823880
You might want to add domain admins to the Local Administrators Group

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21824579
If the setting is configured via GPO, it will not be configurable at the local desktop even by Administrators/DAs. This is the default behavior of Group Policy Objects, since Authenticated Users (of which Domain Admins/Administrators are a member) have Read and Apply Group Policy permissions to every GPO.

You can control this more granularly by denying the Apply Group Policy perm to Domain Admins, but security group filtering should be used sparingly as it can be difficult to troubleshoot down the line.
0
 

Author Closing Comment

by:menreeq
ID: 31468847
I found the group policy and set it to not apply to the user and domain admins.  thanks for the input.
0

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now