Overide a group policy at the local machine

We have a group policy within active directory to enable the screen saver and enforce the locking of the pc with 30 minutes.  The policy is under user configuration, admin templates, control panel/display.  The screen saver password protect is enabled, screen saver is enabled and the timeout is set to 1800 seconds.

My question is that we have one difficult employee that insists on his comptuer to not lock.  I can't seem to find a way so that his local machine will ignore this policy.  If create on his local machine group policy the policy in reverse but that does not seem to matter.  The policy is by user not machine, I've even create a different OU and put his username into it with the policy disabled with no luck either.

Does anyone have any other suggestions?

Thank you

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Where is the policy that's enforcing the screensaver?  Is it at domain level and in the default domain policy?  Is this policy set to Enforce?
jbishop2446bAuthor Commented:
Hi there- the policy is at the domain level, I also tried putting it directly into an indvidual OU.  I did have it set to link enabled and enforced.  Should it just be link enabled?

Thank you for your help
Put the user in an individual OU, make a policy that disable password protection on screen saver that you link to this OU, block inheritence (and use Enforce/no-override on the policy).
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

jbishop2446bAuthor Commented:
How do you block inheritence? When I click on the OU, then the Group Policy Inheritance tab it shows the new policy and the defailt domain policy (which is ok, doesn't contain the policy for screen locking).
Right click the OU and select Properties
Select the 'Group Policy' tab for the new policy
Check the 'Block Policy inheritance' option

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jbishop2446bAuthor Commented:
Thank you! I've made these changes and will report back to you the result!
Other than the obvious, what is difference between having a policy "enforced" checked on/off.  It seems like even if they're not "enforced" they're still active.
enforced enabled means that you make sure the policy is not override by an other policy that are processed at a later "stage". The policies are processed in this order: Local GPO - Site - Domain - OU

If you set a policy at the domain level saying "disable Run from startmenu" but has a policy at OU level saying "enable Run from startmenu". The user in the OU will see Run in his start menu. If you set Enforced at the policy at domain level it will take precedense over the OU policy and the user will not see Run in start menu.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.