Different group policy setting for external vs internal users

Hi Experts,

We have a policy setting that enables screen saver after 10 minutes.
A lot of the users are complaining about this time and I am wondering if its possible to apply a different policy which allows more time before the screensaver locks the computer if the computer is connected to the LAN vs. if the computer is being used outside the network.

Any suggestions?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you know WHICH computers are the external ones, I would recomend to create an OU for these external computers, and move the AD external computer objects to this OU. Then create a GPO, set up the screensaver preferences and link it to the OU.
nebb-sbtAuthor Commented:
Well, that is the problem.
Most of our employees are both working internal and outside the organization - at clients and etc.
I need something dynamic that will decide whether or not the client is located on our LAN.

When they log on externally do you mean they don't logon to domain? or do they logon to domain but using external network.

There is a way to achieve that but you need to use either wsh(batch) or vbscript. The logic goes like this. Check for internal IP addres, if matches then do not make change to the registry, else make change to the registry that controls screensaver time out settings.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

nebb-sbtAuthor Commented:
Are you suggesting we use a login script to check that or .. ?
yes. You would need that but does clients logon to domain when connecting via external network.
nebb-sbtAuthor Commented:
We have a on-demand VPN for file access and etc, but its not normally used.
Use of login script wouldnt be very effective if the user hibernates his computer before running to a client meeting.

See if users are logged in on internal network, unplug their babies, hibernate them and go outside turn them on and logged on using cached creds then internal policies will remain in effect otherwise if they login to domain via external network then they will get update based on login script,

nebb-sbtAuthor Commented:
The logon script will not fulfill what I wanted,
but I'll accept your answer as a alternative solution.

Thanks Navdeep
nebb-sbtAuthor Commented:
Partially complete solution - did not solve my problem
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.