Solved

Group policy for screen saver

Posted on 2010-08-24
14
831 Views
Last Modified: 2013-12-23
Hi Experts,

I've created a group policy object for screen saver for 1 OU. I'd like to turn the screen saver on for all computers in that OU after 60 seconds. There are 2 computers which in that OU. I log in one of the computers with an AD user but the screen saver doesn't turn on after 60 seconds. Any Ideas?

Thanks.
0
Comment
Question by:SJCA
  • 4
  • 3
  • 2
  • +3
14 Comments
 

Expert Comment

by:PC4N6
ID: 33511847
Make sure that you are getting the policy that you setup applied to the workstation.  You can check by running gpresult from the command line.  If it is not there you should force the policy by running gpupdate /force.  Try again.
0
 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 33511866
The screen saver settings are user settings; if you want to deploy user settings depending on the machine the user is logging on to, you need to enable Loopback processing for the machines.
Create a new(!) GPO "Loopback" linked to the GPO, and enable the Loopback mode as described in the article below (in Merge mode probably). Reboot the clients.
The screen saver GPO will now be active for every user logging on to a client in this OU, even though the user object is not in the OU. You can use the Security Filtering of the GPO to prevent the GPO application for administrators if necessary.
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33511880
1) use gpupdate /force for immediate applying of group policy.
When this policy happens, check your computer screensaver settings, it should be changed as per policy

2) Use the GPMC -> GSOP to see if the policy is applied to the computer you are checking
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 2

Expert Comment

by:hydrokid
ID: 33511893
Do confirm that you've applied the policy as the user configuration as per below...

Expand User Configuration | Administrative Templates | Control Panel.
Click the Display container.
In the Details pan, double click Password protect the screen saver.
Click Enabled.
Click OK.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33511939
Have you added a GPO entries for all 3 "Screen Saver",  "Screen Saver executable name" and "Screen Saver timeout".  
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512564
This is (attachment) what I have to the GPO for screen saver.

I ran 'gpupdate /force' on the workstation but it still doesn't work.

How do I get to GSOP from GPMC ?

Does I have to have 'Password protect the screen saver' enable to able to get this to work?

Thanks.
gpscreen.JPG
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512582
FYI, I checked the computer screen saver settings, it still shows 10 minutes as default.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 33512675
This will never work without the Loopback processing I described above; the user objects aren't in the OU to which your screen saver GPO is linked, so they are not applied. The only way around that is to enable Loopback Processing.
0
 
LVL 2

Assisted Solution

by:hydrokid
hydrokid earned 100 total points
ID: 33517601
1) Oh ya. It seems like Loopback processing is needed in this case unless you apply this to an OU that consist of users object and not computers objects.

2) Screen Saver executable name looks suspicious too... leave that unconfigured while you try to get this working first.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33518526
Listen to oBda, he is right! As you can see, you set all those settings under USER CONFIGURATION node, so it requires in that OU, user accounts to take effect. Or read in the internet how to set up loopback processing as oBdA wrote.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33519030
The screen saver executable name is wrong that why it doesn't work. Add scrnsave.scr as the name. that the blank screensaver, use it to test. When you get it working make the .scr file you want and place it in the windows\system32 folder on every machine if not using a default one.
0
 
LVL 1

Author Comment

by:SJCA
ID: 33525219
Thanks oBda and everyone, I've finally got it work.

Last question, if I log in with a local user (not an AD user), I don't think the GPO will work in this case. Is there a way to get the GPO to apply to local user? or any ideas?

Thanks a lot.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 250 total points
ID: 33528526
set this screen saver settings for local user on local machine. Run gpedit.msc if no "higher" policy overwrites it then local policies take effect (sorry for language :/).

Policies are apllied in this order LSDOU so (1 - local, 2- site, 3 - domain, 4 - OU)
if there is no conflict then they are unmodified.
0
 
LVL 1

Author Closing Comment

by:SJCA
ID: 33755293
it works! Thanks all.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now