• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 844
  • Last Modified:

Group policy for screen saver

Hi Experts,

I've created a group policy object for screen saver for 1 OU. I'd like to turn the screen saver on for all computers in that OU after 60 seconds. There are 2 computers which in that OU. I log in one of the computers with an AD user but the screen saver doesn't turn on after 60 seconds. Any Ideas?

Thanks.
0
SJCA
Asked:
SJCA
  • 4
  • 3
  • 2
  • +3
3 Solutions
 
PC4N6Commented:
Make sure that you are getting the policy that you setup applied to the workstation.  You can check by running gpresult from the command line.  If it is not there you should force the policy by running gpupdate /force.  Try again.
0
 
oBdACommented:
The screen saver settings are user settings; if you want to deploy user settings depending on the machine the user is logging on to, you need to enable Loopback processing for the machines.
Create a new(!) GPO "Loopback" linked to the GPO, and enable the Loopback mode as described in the article below (in Merge mode probably). Reboot the clients.
The screen saver GPO will now be active for every user logging on to a client in this OU, even though the user object is not in the OU. You can use the Security Filtering of the GPO to prevent the GPO application for administrators if necessary.
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
0
 
hydrokidCommented:
1) use gpupdate /force for immediate applying of group policy.
When this policy happens, check your computer screensaver settings, it should be changed as per policy

2) Use the GPMC -> GSOP to see if the policy is applied to the computer you are checking
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
hydrokidCommented:
Do confirm that you've applied the policy as the user configuration as per below...

Expand User Configuration | Administrative Templates | Control Panel.
Click the Display container.
In the Details pan, double click Password protect the screen saver.
Click Enabled.
Click OK.
0
 
Elwin3Commented:
Have you added a GPO entries for all 3 "Screen Saver",  "Screen Saver executable name" and "Screen Saver timeout".  
0
 
SJCAAuthor Commented:
This is (attachment) what I have to the GPO for screen saver.

I ran 'gpupdate /force' on the workstation but it still doesn't work.

How do I get to GSOP from GPMC ?

Does I have to have 'Password protect the screen saver' enable to able to get this to work?

Thanks.
gpscreen.JPG
0
 
SJCAAuthor Commented:
FYI, I checked the computer screen saver settings, it still shows 10 minutes as default.
0
 
oBdACommented:
This will never work without the Loopback processing I described above; the user objects aren't in the OU to which your screen saver GPO is linked, so they are not applied. The only way around that is to enable Loopback Processing.
0
 
hydrokidCommented:
1) Oh ya. It seems like Loopback processing is needed in this case unless you apply this to an OU that consist of users object and not computers objects.

2) Screen Saver executable name looks suspicious too... leave that unconfigured while you try to get this working first.

0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Listen to oBda, he is right! As you can see, you set all those settings under USER CONFIGURATION node, so it requires in that OU, user accounts to take effect. Or read in the internet how to set up loopback processing as oBdA wrote.
0
 
Elwin3Commented:
The screen saver executable name is wrong that why it doesn't work. Add scrnsave.scr as the name. that the blank screensaver, use it to test. When you get it working make the .scr file you want and place it in the windows\system32 folder on every machine if not using a default one.
0
 
SJCAAuthor Commented:
Thanks oBda and everyone, I've finally got it work.

Last question, if I log in with a local user (not an AD user), I don't think the GPO will work in this case. Is there a way to get the GPO to apply to local user? or any ideas?

Thanks a lot.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
set this screen saver settings for local user on local machine. Run gpedit.msc if no "higher" policy overwrites it then local policies take effect (sorry for language :/).

Policies are apllied in this order LSDOU so (1 - local, 2- site, 3 - domain, 4 - OU)
if there is no conflict then they are unmodified.
0
 
SJCAAuthor Commented:
it works! Thanks all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now