Solved

corky user rights issue.

Posted on 2008-06-19
5
222 Views
Last Modified: 2010-04-21
I have a laptop that is joined to our domain and neither local admins nor domain admins are able to change the wait time for the screen saver.  Where should I check to enable this for users?
0
Comment
Question by:menreeq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 21823547
In Group Policy:

User configuration, Administrative Templates, Control Panel, Display, Screen Saver timeout

That should sort it
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 21823578
Is it set up in Group Policy? Regardless if it is or not, Admins (domain and local) should have this capability.

~coolsportp00
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21823880
You might want to add domain admins to the Local Administrators Group

For a single computer
logon as Local Administrator to the computer (not the domain)
Right click on "My Computer" and select Manage
Expand "Local Users and Groups->Groups->Administrators
Click Add
Enter the full user name eg domain\username
and OK out again

You can add users to Local Administrators with group policy.

First put the users that you want to give local admin rights to into a security group (or you Domain Users if you want it to apply to all users)

Create and OU that contains the computers that you want them to have rights on and put the computers into the OU. Note that this cannot be the Computers Container and should not contain any servers or Domain Controllers for obvious reasons.

Create a group policy that configures the security group as a Restricted Group, and under the "This group is a member of...", option add "Administrators"

Link the GPO to the OU that contains the computers

Run gpupate/force to update the policy

See http://support.microsoft.com/kb/810076
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21824579
If the setting is configured via GPO, it will not be configurable at the local desktop even by Administrators/DAs. This is the default behavior of Group Policy Objects, since Authenticated Users (of which Domain Admins/Administrators are a member) have Read and Apply Group Policy permissions to every GPO.

You can control this more granularly by denying the Apply Group Policy perm to Domain Admins, but security group filtering should be used sparingly as it can be difficult to troubleshoot down the line.
0
 

Author Closing Comment

by:menreeq
ID: 31468847
I found the group policy and set it to not apply to the user and domain admins.  thanks for the input.
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question