Solved

Group policy for screen saver

Posted on 2010-08-24
14
836 Views
Last Modified: 2013-12-23
Hi Experts,

I've created a group policy object for screen saver for 1 OU. I'd like to turn the screen saver on for all computers in that OU after 60 seconds. There are 2 computers which in that OU. I log in one of the computers with an AD user but the screen saver doesn't turn on after 60 seconds. Any Ideas?

Thanks.
0
Comment
Question by:SJCA
  • 4
  • 3
  • 2
  • +3
14 Comments
 

Expert Comment

by:PC4N6
ID: 33511847
Make sure that you are getting the policy that you setup applied to the workstation.  You can check by running gpresult from the command line.  If it is not there you should force the policy by running gpupdate /force.  Try again.
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 33511866
The screen saver settings are user settings; if you want to deploy user settings depending on the machine the user is logging on to, you need to enable Loopback processing for the machines.
Create a new(!) GPO "Loopback" linked to the GPO, and enable the Loopback mode as described in the article below (in Merge mode probably). Reboot the clients.
The screen saver GPO will now be active for every user logging on to a client in this OU, even though the user object is not in the OU. You can use the Security Filtering of the GPO to prevent the GPO application for administrators if necessary.
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33511880
1) use gpupdate /force for immediate applying of group policy.
When this policy happens, check your computer screensaver settings, it should be changed as per policy

2) Use the GPMC -> GSOP to see if the policy is applied to the computer you are checking
0
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

 
LVL 2

Expert Comment

by:hydrokid
ID: 33511893
Do confirm that you've applied the policy as the user configuration as per below...

Expand User Configuration | Administrative Templates | Control Panel.
Click the Display container.
In the Details pan, double click Password protect the screen saver.
Click Enabled.
Click OK.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33511939
Have you added a GPO entries for all 3 "Screen Saver",  "Screen Saver executable name" and "Screen Saver timeout".  
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512564
This is (attachment) what I have to the GPO for screen saver.

I ran 'gpupdate /force' on the workstation but it still doesn't work.

How do I get to GSOP from GPMC ?

Does I have to have 'Password protect the screen saver' enable to able to get this to work?

Thanks.
gpscreen.JPG
0
 
LVL 1

Author Comment

by:SJCA
ID: 33512582
FYI, I checked the computer screen saver settings, it still shows 10 minutes as default.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 33512675
This will never work without the Loopback processing I described above; the user objects aren't in the OU to which your screen saver GPO is linked, so they are not applied. The only way around that is to enable Loopback Processing.
0
 
LVL 2

Assisted Solution

by:hydrokid
hydrokid earned 100 total points
ID: 33517601
1) Oh ya. It seems like Loopback processing is needed in this case unless you apply this to an OU that consist of users object and not computers objects.

2) Screen Saver executable name looks suspicious too... leave that unconfigured while you try to get this working first.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33518526
Listen to oBda, he is right! As you can see, you set all those settings under USER CONFIGURATION node, so it requires in that OU, user accounts to take effect. Or read in the internet how to set up loopback processing as oBdA wrote.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33519030
The screen saver executable name is wrong that why it doesn't work. Add scrnsave.scr as the name. that the blank screensaver, use it to test. When you get it working make the .scr file you want and place it in the windows\system32 folder on every machine if not using a default one.
0
 
LVL 1

Author Comment

by:SJCA
ID: 33525219
Thanks oBda and everyone, I've finally got it work.

Last question, if I log in with a local user (not an AD user), I don't think the GPO will work in this case. Is there a way to get the GPO to apply to local user? or any ideas?

Thanks a lot.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 250 total points
ID: 33528526
set this screen saver settings for local user on local machine. Run gpedit.msc if no "higher" policy overwrites it then local policies take effect (sorry for language :/).

Policies are apllied in this order LSDOU so (1 - local, 2- site, 3 - domain, 4 - OU)
if there is no conflict then they are unmodified.
0
 
LVL 1

Author Closing Comment

by:SJCA
ID: 33755293
it works! Thanks all.
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Create self-signed certificate on 2012 r2 Server Core? 5 28
Event ID 29 KDC Win 2008 R2 DC 6 16
Impact to changing AD username 2 22
Rogue RDP Connections 5 54
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question