Solved

Group Policy Filtering

Posted on 2011-02-23
12
262 Views
Last Modified: 2012-05-11
We need to filter out:

control panel/display from the root domain policy that all users inherit for a single computer.    it this possible or do we have to copy the whole policy and paste it makign the required changes (twice) in the future?

thx
0
Comment
Question by:CHI-LTD
  • 6
  • 5
12 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 34961940
Can you explain more. What changes you are trying to do.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34961949
disable the screensaver policy for a single user.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34962008
You can't filter for one setting but if you have a GPO screen saver that only configures the screen savers for users then yes  you can filter out a user (or group) what getting that GPO applied to them.  This is known as security filtering.

More on filtering here  http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/

Thanks

Mike
0
 
LVL 41

Expert Comment

by:Amit
ID: 34962017
Open the GPO properties, click on security tab, add that user and select deny
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34962077
would creation of a new GPO in a new OU with the screensaver settings disabled and use loopback processing to replace over ride the domain GPO setting?
0
 
LVL 41

Expert Comment

by:Amit
ID: 34962102
This can also work. Test it
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35005609
transpires the screensaver settings are not applied by GPO string but a batch file in windows-scripts-logon setting.
can this be filtered?
0
 
LVL 41

Expert Comment

by:Amit
ID: 35006670
How you are calling this script. If you are calling it from Profile, you can remove the script for that user only.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35006829
blocked the file bu restricting the user read permission to the bat file.
another problem, can the Admin templates - control panel - screen saver policy thats within th edomain root policy be disabled or overwitten
0
 
LVL 41

Accepted Solution

by:
Amit earned 500 total points
ID: 35006870
Attaching GPO screenshot, which I have configured and linked to OU. Please check, if this works for you.
screensaver.bmp
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35007042
problenm with using looback is that it upset our mapped drives and other settings, i'll try it
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35130078
perfect
0

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now