?
Solved

Group policy for screen saver

Posted on 2010-08-24
14
Medium Priority
?
839 Views
Last Modified: 2013-12-23
Hi Experts,

I've created a group policy object for screen saver for 1 OU. I'd like to turn the screen saver on for all computers in that OU after 60 seconds. There are 2 computers which in that OU. I log in one of the computers with an AD user but the screen saver doesn't turn on after 60 seconds. Any Ideas?

Thanks.
0
Comment
Question by:SJCA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
14 Comments
 

Expert Comment

by:PC4N6
ID: 33511847
Make sure that you are getting the policy that you setup applied to the workstation.  You can check by running gpresult from the command line.  If it is not there you should force the policy by running gpupdate /force.  Try again.
0
 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 600 total points
ID: 33511866
The screen saver settings are user settings; if you want to deploy user settings depending on the machine the user is logging on to, you need to enable Loopback processing for the machines.
Create a new(!) GPO "Loopback" linked to the GPO, and enable the Loopback mode as described in the article below (in Merge mode probably). Reboot the clients.
The screen saver GPO will now be active for every user logging on to a client in this OU, even though the user object is not in the OU. You can use the Security Filtering of the GPO to prevent the GPO application for administrators if necessary.
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33511880
1) use gpupdate /force for immediate applying of group policy.
When this policy happens, check your computer screensaver settings, it should be changed as per policy

2) Use the GPMC -> GSOP to see if the policy is applied to the computer you are checking
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 2

Expert Comment

by:hydrokid
ID: 33511893
Do confirm that you've applied the policy as the user configuration as per below...

Expand User Configuration | Administrative Templates | Control Panel.
Click the Display container.
In the Details pan, double click Password protect the screen saver.
Click Enabled.
Click OK.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33511939
Have you added a GPO entries for all 3 "Screen Saver",  "Screen Saver executable name" and "Screen Saver timeout".  
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512564
This is (attachment) what I have to the GPO for screen saver.

I ran 'gpupdate /force' on the workstation but it still doesn't work.

How do I get to GSOP from GPMC ?

Does I have to have 'Password protect the screen saver' enable to able to get this to work?

Thanks.
gpscreen.JPG
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512582
FYI, I checked the computer screen saver settings, it still shows 10 minutes as default.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 33512675
This will never work without the Loopback processing I described above; the user objects aren't in the OU to which your screen saver GPO is linked, so they are not applied. The only way around that is to enable Loopback Processing.
0
 
LVL 2

Assisted Solution

by:hydrokid
hydrokid earned 400 total points
ID: 33517601
1) Oh ya. It seems like Loopback processing is needed in this case unless you apply this to an OU that consist of users object and not computers objects.

2) Screen Saver executable name looks suspicious too... leave that unconfigured while you try to get this working first.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33518526
Listen to oBda, he is right! As you can see, you set all those settings under USER CONFIGURATION node, so it requires in that OU, user accounts to take effect. Or read in the internet how to set up loopback processing as oBdA wrote.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33519030
The screen saver executable name is wrong that why it doesn't work. Add scrnsave.scr as the name. that the blank screensaver, use it to test. When you get it working make the .scr file you want and place it in the windows\system32 folder on every machine if not using a default one.
0
 
LVL 1

Author Comment

by:SJCA
ID: 33525219
Thanks oBda and everyone, I've finally got it work.

Last question, if I log in with a local user (not an AD user), I don't think the GPO will work in this case. Is there a way to get the GPO to apply to local user? or any ideas?

Thanks a lot.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1000 total points
ID: 33528526
set this screen saver settings for local user on local machine. Run gpedit.msc if no "higher" policy overwrites it then local policies take effect (sorry for language :/).

Policies are apllied in this order LSDOU so (1 - local, 2- site, 3 - domain, 4 - OU)
if there is no conflict then they are unmodified.
0
 
LVL 1

Author Closing Comment

by:SJCA
ID: 33755293
it works! Thanks all.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question