?
Solved

Group Policy Filtering

Posted on 2011-02-23
12
Medium Priority
?
269 Views
Last Modified: 2012-05-11
We need to filter out:

control panel/display from the root domain policy that all users inherit for a single computer.    it this possible or do we have to copy the whole policy and paste it makign the required changes (twice) in the future?

thx
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 34961940
Can you explain more. What changes you are trying to do.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34961949
disable the screensaver policy for a single user.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34962008
You can't filter for one setting but if you have a GPO screen saver that only configures the screen savers for users then yes  you can filter out a user (or group) what getting that GPO applied to them.  This is known as security filtering.

More on filtering here  http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/

Thanks

Mike
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 44

Expert Comment

by:Amit
ID: 34962017
Open the GPO properties, click on security tab, add that user and select deny
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34962077
would creation of a new GPO in a new OU with the screensaver settings disabled and use loopback processing to replace over ride the domain GPO setting?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34962102
This can also work. Test it
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35005609
transpires the screensaver settings are not applied by GPO string but a batch file in windows-scripts-logon setting.
can this be filtered?
0
 
LVL 44

Expert Comment

by:Amit
ID: 35006670
How you are calling this script. If you are calling it from Profile, you can remove the script for that user only.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35006829
blocked the file bu restricting the user read permission to the bat file.
another problem, can the Admin templates - control panel - screen saver policy thats within th edomain root policy be disabled or overwitten
0
 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 35006870
Attaching GPO screenshot, which I have configured and linked to OU. Please check, if this works for you.
screensaver.bmp
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35007042
problenm with using looback is that it upset our mapped drives and other settings, i'll try it
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35130078
perfect
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question