Group Policy
Hi,
I created a group policy to force a screen saver.
it doesnt seem to be working.
Policy > User Configuration > Administrative Templates > Control Panel > Personalization. Here are the policies you’re looking for:
Enabled the screen save settings as well as force specific screensaver and password protect and timeout.
I saved the screen saver on my local machine c:\windows32\screensvr.scr
i also tried to put it on a network share.
When i apply the policy and check my control panel settings, i can still configure screen saver locally, also it never kicks in, i set it to 1 second.
please assist (what did i miss)
thank you plentttyy
I created a group policy to force a screen saver.
it doesnt seem to be working.
Policy > User Configuration > Administrative Templates > Control Panel > Personalization. Here are the policies you’re looking for:
Enabled the screen save settings as well as force specific screensaver and password protect and timeout.
I saved the screen saver on my local machine c:\windows32\screensvr.scr
i also tried to put it on a network share.
When i apply the policy and check my control panel settings, i can still configure screen saver locally, also it never kicks in, i set it to 1 second.
please assist (what did i miss)
thank you plentttyy
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
lauchangkwang
If the PC is joined under domain, you should modified the OU (Organization Unit) group policy.
To elaborate on Lauchangkwang: the User's OU so it targets the user, but if you are at the Domain Level without any Block Inheritance then this will not apply.
ASKER
I am not that familair with Group Policy. so here is what i did.
In the group policy object editor i changed the settings below:
Enabled the screen save settings as well as force specific screensaver and password protect and timeout.
In the Group Policy Management I went unser the
-Domain.com
--Users
---Added a new policy named screen saver
(Except that there is not display settings where i can get the screen saver settings)
Please point me in the right direction even if i have to start over ..
thanks
In the group policy object editor i changed the settings below:
Enabled the screen save settings as well as force specific screensaver and password protect and timeout.
In the Group Policy Management I went unser the
-Domain.com
--Users
---Added a new policy named screen saver
(Except that there is not display settings where i can get the screen saver settings)
Please point me in the right direction even if i have to start over ..
thanks
Have you 'Enforced' the policy? Right click it and make sure.
There are three settings you need:
User Configuration\Administrati
Enable screen saver --> enabled
Force specific screen saver --> <if not %Systemroot%\System32 directory include full path>
Prevent changing screen saver --> enabled
http://technet.microsoft.com/en-us/library/ee617164(v=WS.10).aspx
User Configuration\Administrati
Enable screen saver --> enabled
Force specific screen saver --> <if not %Systemroot%\System32 directory include full path>
Prevent changing screen saver --> enabled
http://technet.microsoft.com/en-us/library/ee617164(v=WS.10).aspx
BTW you do not need to "enforce" the policy, just make sure it is linked at the correct OU and Link Enabled
ASKER
I can enforce it, but there is no settings in it (in the group policy management) I cannot find the settings for screen saver.
I only set up the screen saver options in group policy object editor.
It is the available Screen Saver Options. so i dont know how to link those options to the empty screen saver policy i created in GPM
I only set up the screen saver options in group policy object editor.
It is the available Screen Saver Options. so i dont know how to link those options to the empty screen saver policy i created in GPM
ASKER
It is linked (can you explain the difference between the Groip Policy Mnagement console vs GPO Editor)??
i am not sure where to enforce or push the proper one.
Yes it is linked in the GPO editor. And yes it is enforced in the GPM but no settings are in it.
???????
thank you
i am not sure where to enforce or push the proper one.
Yes it is linked in the GPO editor. And yes it is enforced in the GPM but no settings are in it.
???????
thank you
I do not think you can add GPO to the USERS Folder in AD. You would need to create a new OU (Firm Users or somthing similar) in ADUC and move all users to that OU.
Or just add a New GPO to the Domain level.
So if you placement is incorrect you will not get the desired results.
To confirm that the GPO's are being applied correctly you should use Group Policy Result tool in GPMC or run gpresult /h <filename.html> like stated in one of my previous suggestions.
Can you post a screenshot of your GPO's ?
Or just add a New GPO to the Domain level.
So if you placement is incorrect you will not get the desired results.
To confirm that the GPO's are being applied correctly you should use Group Policy Result tool in GPMC or run gpresult /h <filename.html> like stated in one of my previous suggestions.
Can you post a screenshot of your GPO's ?
Raquero is correct it must be Link Enabled and does not have to be Enforced. But Enforcing it will make it so it is not overridden by another policy.
ASKER
Awsome, so far everything is setup the way you have adviced.
Only thing is, my GPO is empty. I cannot find the Display settings to get to the screen settings under control panel settings.
Also the second screenshot shows the settings in the Group Policy Object editro.
How are these 2 related???
gpo1.png
gpo2.png
Only thing is, my GPO is empty. I cannot find the Display settings to get to the screen settings under control panel settings.
Also the second screenshot shows the settings in the Group Policy Object editro.
How are these 2 related???
gpo1.png
gpo2.png
yo_bee is correct...you cannot apply a GPO to the default Users or Computers OUs.
It is fairly common to group users in different OUs beneath Users(some designs use the ITIL/MOF People, Process, Technology model instead of the default containers, which I personally espouse). The distribution of users in different OUs is based on either location (e.g. geography) or division/workgroup/etc. and for purposes of delegating administrative functions without making everyone who does user admin a domain admin.
If you have a single location with no need for delegating admin responsibilities (e.g. for different regions) create a new OU under Users and move all users to the new OU. Link your GPO there.
Always create/edit GPOs from the newest OS in your environment, even if you are still supporting XP machines.
Once you have linked your GPO to the new OU you can verify the settings are what you want: open Group Policy Management console from a W7 (with RSAT) or W2K8R2 server. Locate the GPO in the left pane and click on it to select it. Click the Settings tab in the right pane and drill down to
It is fairly common to group users in different OUs beneath Users(some designs use the ITIL/MOF People, Process, Technology model instead of the default containers, which I personally espouse). The distribution of users in different OUs is based on either location (e.g. geography) or division/workgroup/etc. and for purposes of delegating administrative functions without making everyone who does user admin a domain admin.
If you have a single location with no need for delegating admin responsibilities (e.g. for different regions) create a new OU under Users and move all users to the new OU. Link your GPO there.
Always create/edit GPOs from the newest OS in your environment, even if you are still supporting XP machines.
Once you have linked your GPO to the new OU you can verify the settings are what you want: open Group Policy Management console from a W7 (with RSAT) or W2K8R2 server. Locate the GPO in the left pane and click on it to select it. Click the Settings tab in the right pane and drill down to
You should not enforce the GPO like you are.
You are probably negating other settings
Your Screensaver GPO has not setting applied to it.
You are probably negating other settings
Your Screensaver GPO has not setting applied to it.
I would remove all enforcements and place the GPO's in the order you wish to have them applied.
The order is Low precedence to highest
So the last GPO to apply has the highest precedence
The order is Low precedence to highest
So the last GPO to apply has the highest precedence
Geekah, your second screenshot is of a local group policy. You need to create/edit GPOs as described in my previous post via the Group Policy Management console from either a DC or a server/W7 machine with RSAT installed.
ASKER
Yo-bee.
If you read my questiojns, I am saying that i CANNOT find the settings.
I am aware the settings are not there. I cannot find the settings for screen saver.
Could someone assist as to how to add the display settings to the control panel??
The GPO, i just enforced after i got a sufggestion from you guys, so it wasnt working before or after.
thx
If you read my questiojns, I am saying that i CANNOT find the settings.
I am aware the settings are not there. I cannot find the settings for screen saver.
Could someone assist as to how to add the display settings to the control panel??
The GPO, i just enforced after i got a sufggestion from you guys, so it wasnt working before or after.
thx
Are you saying you do not see the Personalization folder in the GPO? See my earlier post http:#a37812260
ASKER
Raquero,
the first screenshot shows the policy I created, It is created in a DC through GPO Management.
i cANNOT FIND THE SCREEN SHOT SETTINGS.........
:)
the first screenshot shows the policy I created, It is created in a DC through GPO Management.
i cANNOT FIND THE SCREEN SHOT SETTINGS.........
:)
What OS is the DC running?
ASKER
ASKER
DC is running Server 2008 R2 std
ASKER
i can see personalization in the second screen shot of my earlier post.
but i need to which one should i be working on
Group Policy Management where i have a policy created but its empty.
Or Group Policy Object editor where i can see personlization and have done the work already for settings but not sure how to apply it.
When you reposond please let me know which one to work with (with any solution u recommend as i am greeeen to GPOs)
thanks plenty
but i need to which one should i be working on
Group Policy Management where i have a policy created but its empty.
Or Group Policy Object editor where i can see personlization and have done the work already for settings but not sure how to apply it.
When you reposond please let me know which one to work with (with any solution u recommend as i am greeeen to GPOs)
thanks plenty
What do you mean by group policy object editor? Are you running gpedit.msc locally on a workstation? That will only affect that computer.
You should only be using the Group Policy Management console as previously described.
Your last screen shot shows you are looking under Preferences. The settings are under User Configuration-->Policies--
http:#a37812260
User Configuration\Administrati
Enable screen saver --> enabled
Force specific screen saver --> <if not %Systemroot%\System32 directory include full path>
Prevent changing screen saver --> enabled
http://technet.microsoft.com/en-us/library/ee617164(v=WS.10).aspx
You should only be using the Group Policy Management console as previously described.
Your last screen shot shows you are looking under Preferences. The settings are under User Configuration-->Policies--
http:#a37812260
User Configuration\Administrati
Enable screen saver --> enabled
Force specific screen saver --> <if not %Systemroot%\System32 directory include full path>
Prevent changing screen saver --> enabled
http://technet.microsoft.com/en-us/library/ee617164(v=WS.10).aspx
ASKER
Thanks,
from Grou0p policy Management (as attached) i right click on the ScreenSver and go EDIT
And the attached shows that
User Configuration--> has no administrative templates (it only has Policies and Preferences)
how do i change that, the view or how do i add the admin templates to the view???
i think we are close.
sorry for the confusion earlier
GPO-4.png
from Grou0p policy Management (as attached) i right click on the ScreenSver and go EDIT
And the attached shows that
User Configuration--> has no administrative templates (it only has Policies and Preferences)
how do i change that, the view or how do i add the admin templates to the view???
i think we are close.
sorry for the confusion earlier
GPO-4.png
Here are the settings:
Users Config > Administrative Templates > Control Panel > Personalization >
Users Config > Administrative Templates > Control Panel > Personalization >
Expand Policies under user configuration, you are still looking under Preferences
My screenshot demonstrates this
ASKER
ASKER
I looked under all links, As per my last screenshot (now that we agree on a location :) )
how do i add the template since it is not there???
how do i add the template since it is not there???
You are using GPME and not GPMC
they are two different MMC's
Install RSAT on your windows 7 machine or connect to your AD via RDP.
You will see the settings.
You should not really use GPME at all.
they are two different MMC's
Install RSAT on your windows 7 machine or connect to your AD via RDP.
You will see the settings.
You should not really use GPME at all.
Now it makes more sense. You have the Group Policy Central store enabled but the ADMX template files are not where they need to be.
From the latest OS version in your environment (e.g. server 2008 or W7/2008R2 in that order) you need to copy the PolicyDefinitions folder from c:\Windows\SYSVOL\domain\P
This article shows details with screen shots: http://www.petri.co.il/creating-group-policy-central-store.htm
From the latest OS version in your environment (e.g. server 2008 or W7/2008R2 in that order) you need to copy the PolicyDefinitions folder from c:\Windows\SYSVOL\domain\P
This article shows details with screen shots: http://www.petri.co.il/creating-group-policy-central-store.htm
Caveat: once you update to the W7/2K8R2 templates you will have to edit GPOs from one of those two platforms (not Vista, XP, or 2K8).
Sorry....local path to copy from is C:\Windows\PolicyDefinitio
ASKER
Awesome, thank you so much everyone, i will try that later on today and will update you.
So sorry for the confusion theroughout :)
So sorry for the confusion theroughout :)
this is one long thread
ASKER
with plenty of mis-communication.. my bad i was lost between Group Policy Editor and Group Policy Management :)
ASKER
Guys, still need assistant. I still dont have settings in my policy....
Where and how do i add the control panel template????? where i can find the display and screen saver???
plleeeeaaasse
this is starting to take up all my day
thx plenty
Where and how do i add the control panel template????? where i can find the display and screen saver???
plleeeeaaasse
this is starting to take up all my day
thx plenty
ASKER
Spoke too soon...
never mind. i had to close GPO management (been a looooong day)
it shows up now and oh joy oh joy.
never mind. i had to close GPO management (been a looooong day)
it shows up now and oh joy oh joy.
Are you using GPMC or GPME ?
ASKER
IT WOOOORRRKKSSS
omg thank you sooo much.
it finally works
you guys are awesommme
omg thank you sooo much.
it finally works
you guys are awesommme
:)
Can you post a screenshot of your revise GP setup?
Can you post a screenshot of your revise GP setup?
seems like i miss a lot of things, just after a day from my end ..... :)......really a long post .....
Geekah, so you see the settings now that the templates are in the central store?
ASKER
Hi guys,
sorry i disappeared, but here is a screen shot of the working GPO.
Thank you again for your assistant :)
Working-GPO.png
sorry i disappeared, but here is a screen shot of the working GPO.
Thank you again for your assistant :)
Working-GPO.png
errmmm ...... I got no points for the OU suggestion from my first post ??? ......