?
Solved

Group Policy Filtering

Posted on 2011-02-23
12
Medium Priority
?
268 Views
Last Modified: 2012-05-11
We need to filter out:

control panel/display from the root domain policy that all users inherit for a single computer.    it this possible or do we have to copy the whole policy and paste it makign the required changes (twice) in the future?

thx
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 34961940
Can you explain more. What changes you are trying to do.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34961949
disable the screensaver policy for a single user.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34962008
You can't filter for one setting but if you have a GPO screen saver that only configures the screen savers for users then yes  you can filter out a user (or group) what getting that GPO applied to them.  This is known as security filtering.

More on filtering here  http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/

Thanks

Mike
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 44

Expert Comment

by:Amit
ID: 34962017
Open the GPO properties, click on security tab, add that user and select deny
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34962077
would creation of a new GPO in a new OU with the screensaver settings disabled and use loopback processing to replace over ride the domain GPO setting?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34962102
This can also work. Test it
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35005609
transpires the screensaver settings are not applied by GPO string but a batch file in windows-scripts-logon setting.
can this be filtered?
0
 
LVL 44

Expert Comment

by:Amit
ID: 35006670
How you are calling this script. If you are calling it from Profile, you can remove the script for that user only.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35006829
blocked the file bu restricting the user read permission to the bat file.
another problem, can the Admin templates - control panel - screen saver policy thats within th edomain root policy be disabled or overwitten
0
 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 35006870
Attaching GPO screenshot, which I have configured and linked to OU. Please check, if this works for you.
screensaver.bmp
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35007042
problenm with using looback is that it upset our mapped drives and other settings, i'll try it
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35130078
perfect
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month14 days, 14 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question