• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1299
  • Last Modified:

Can I exempt certain computers from the screen lock GPO?

We use GPO to lock users' desktops after 10 minutes of inactivity but we need to exempt a couple of PCs. All I can see is that I can configure settings based on users not computers. Any way around this?

1 Solution
TomislavjSystem AdminCommented:
create group with computers where policy should apply and simply choose this group in security filtering for this policy
kwhelpAuthor Commented:
Hi Tomislavj

Thanks for the reply but I could use more detail - where do I configure security filtering? Also, am I reight in thinking that I need to create a group for the exluded machines not the included ones?

With so few objects not requiring the GPO, create a security group called "Screensaver Disabled", make the target computers a member of this group, edit the security of the Screensaver GPO, add the group Screensaver Disabled, and select the Deny for the Apply Group Policy permission.
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

You can not filter user policies by changing permissions for computers.
What is required to apply user policies based on computers is GPO Loopback processing.
Create a new GPO "NoScreenLock" or whatever under the OU in which the rest of the clients are, and move the "exception" machines into that OU.
Link a new GPO "Group Policy Loopback" or whatever to that OU, in which you enable Group Policy Loopback processing (in Computer Configuration\Administrative Templates\System\Group Policy); set it to "Merge".
Restart the machines.
Create another GPO "Screen Saver Settings" or whatever, linked to that OU. Set the screen lock policy explicitly to "Disabled" (or whatever you want different); these settings will now override the normal user policies for every user logging on to machines in that OU, even though the user accounts are not in this OU.
You can use regular security filtering on the "Screen Saver Settings" GPO to exclude it for user groups who shouldn't have this policy applied.
Loopback processing of Group Policy
kwhelpAuthor Commented:

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now