Can I exempt certain computers from the screen lock GPO?

Posted on 2011-10-17
Last Modified: 2013-05-17
We use GPO to lock users' desktops after 10 minutes of inactivity but we need to exempt a couple of PCs. All I can see is that I can configure settings based on users not computers. Any way around this?

Question by:kwhelp
    LVL 6

    Expert Comment

    create group with computers where policy should apply and simply choose this group in security filtering for this policy

    Author Comment

    Hi Tomislavj

    Thanks for the reply but I could use more detail - where do I configure security filtering? Also, am I reight in thinking that I need to create a group for the exluded machines not the included ones?

    LVL 3

    Expert Comment

    With so few objects not requiring the GPO, create a security group called "Screensaver Disabled", make the target computers a member of this group, edit the security of the Screensaver GPO, add the group Screensaver Disabled, and select the Deny for the Apply Group Policy permission.
    LVL 3

    Expert Comment

    LVL 82

    Accepted Solution

    You can not filter user policies by changing permissions for computers.
    What is required to apply user policies based on computers is GPO Loopback processing.
    Create a new GPO "NoScreenLock" or whatever under the OU in which the rest of the clients are, and move the "exception" machines into that OU.
    Link a new GPO "Group Policy Loopback" or whatever to that OU, in which you enable Group Policy Loopback processing (in Computer Configuration\Administrative Templates\System\Group Policy); set it to "Merge".
    Restart the machines.
    Create another GPO "Screen Saver Settings" or whatever, linked to that OU. Set the screen lock policy explicitly to "Disabled" (or whatever you want different); these settings will now override the normal user policies for every user logging on to machines in that OU, even though the user accounts are not in this OU.
    You can use regular security filtering on the "Screen Saver Settings" GPO to exclude it for user groups who shouldn't have this policy applied.
    Loopback processing of Group Policy

    Author Closing Comment


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Upper back Pain: My back hurt for months. Upper back, mostly my neck, spine and across my shoulder blades. I was getting headaches too, that felt like they were caused by tension in my shoulders, but now I feel fine! I'm sharing this hoping someoneā€¦
    You have seen this as an option on your internet browser before or it may be completely new to you.  But what does this mean and why would I use this?
    The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
    The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now