I'd like have all authenticated users have a screen lock. However, I would like a few computers to have this setting unconfigured.
For example, UserA has two computers, Desktop1 and Desktop2. UserA logs into Desktop1 and it should lock after 60 minutes of inactivity. Desktop2 only displays data/news. UserA logs into Desktop2 but doesn't touch it after logging in.
I have a screenLock GP Object linked to a site. The screenLock GP Object locks the screen after 60 minutes of inactivity AND is set to deny apply GPO for a noLock group. The noLock group contains computers which should not lock.
This setup does not work. The computer that is in the noLock group still gets the screen lock setting. Group Policy Management's Group Policy Results wizard confirms this.
(Using Server 2003 and XP.)