Solved

Group Policy Filtering

Posted on 2011-02-23
12
265 Views
Last Modified: 2012-05-11
We need to filter out:

control panel/display from the root domain policy that all users inherit for a single computer.    it this possible or do we have to copy the whole policy and paste it makign the required changes (twice) in the future?

thx
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 43

Expert Comment

by:Amit
ID: 34961940
Can you explain more. What changes you are trying to do.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34961949
disable the screensaver policy for a single user.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34962008
You can't filter for one setting but if you have a GPO screen saver that only configures the screen savers for users then yes  you can filter out a user (or group) what getting that GPO applied to them.  This is known as security filtering.

More on filtering here  http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/

Thanks

Mike
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Expert Comment

by:Amit
ID: 34962017
Open the GPO properties, click on security tab, add that user and select deny
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34962077
would creation of a new GPO in a new OU with the screensaver settings disabled and use loopback processing to replace over ride the domain GPO setting?
0
 
LVL 43

Expert Comment

by:Amit
ID: 34962102
This can also work. Test it
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35005609
transpires the screensaver settings are not applied by GPO string but a batch file in windows-scripts-logon setting.
can this be filtered?
0
 
LVL 43

Expert Comment

by:Amit
ID: 35006670
How you are calling this script. If you are calling it from Profile, you can remove the script for that user only.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35006829
blocked the file bu restricting the user read permission to the bat file.
another problem, can the Admin templates - control panel - screen saver policy thats within th edomain root policy be disabled or overwitten
0
 
LVL 43

Accepted Solution

by:
Amit earned 500 total points
ID: 35006870
Attaching GPO screenshot, which I have configured and linked to OU. Please check, if this works for you.
screensaver.bmp
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35007042
problenm with using looback is that it upset our mapped drives and other settings, i'll try it
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35130078
perfect
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question