Solved

Group Policy Filtering

Posted on 2011-02-23
12
267 Views
Last Modified: 2012-05-11
We need to filter out:

control panel/display from the root domain policy that all users inherit for a single computer.    it this possible or do we have to copy the whole policy and paste it makign the required changes (twice) in the future?

thx
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 43

Expert Comment

by:Taurus
ID: 34961940
Can you explain more. What changes you are trying to do.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34961949
disable the screensaver policy for a single user.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34962008
You can't filter for one setting but if you have a GPO screen saver that only configures the screen savers for users then yes  you can filter out a user (or group) what getting that GPO applied to them.  This is known as security filtering.

More on filtering here  http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/

Thanks

Mike
0
Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

 
LVL 43

Expert Comment

by:Taurus
ID: 34962017
Open the GPO properties, click on security tab, add that user and select deny
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 34962077
would creation of a new GPO in a new OU with the screensaver settings disabled and use loopback processing to replace over ride the domain GPO setting?
0
 
LVL 43

Expert Comment

by:Taurus
ID: 34962102
This can also work. Test it
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35005609
transpires the screensaver settings are not applied by GPO string but a batch file in windows-scripts-logon setting.
can this be filtered?
0
 
LVL 43

Expert Comment

by:Taurus
ID: 35006670
How you are calling this script. If you are calling it from Profile, you can remove the script for that user only.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35006829
blocked the file bu restricting the user read permission to the bat file.
another problem, can the Admin templates - control panel - screen saver policy thats within th edomain root policy be disabled or overwitten
0
 
LVL 43

Accepted Solution

by:
Taurus earned 500 total points
ID: 35006870
Attaching GPO screenshot, which I have configured and linked to OU. Please check, if this works for you.
screensaver.bmp
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 35007042
problenm with using looback is that it upset our mapped drives and other settings, i'll try it
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35130078
perfect
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question