  • Status: Solved

How to get a single computer on the domain to not run default group policy, create separate policy

Hi Experts!
Here's my situation. I have a single computer that I want to use solely for connecting to a TV near the entry and display welcome messages to clients, etc. I want to be able to remote to it to update what is displayed (add a new PowerPoint from the network, whatever), but I want to lock it down as much as I can. The default domain policy includes policy to force screensavers to kick on after 15 minutes and lock for reentry. I need to remove that feature so I can just run images all day long.

What I tried so far was to create a new OU, move that computer to the new OU.  Then I created a new OU in GP, set it to "block inheritance", then created a policy inside where I lock it down and remove the screensaver.  Then I enforced it and added the specific computer to the security filtering.  

I tried rebooting and running gpupdate /force and a gpresult /r indicates the default domain policy is still the one being implemented. What am I missing? Is there an easier/better way to do this?

Thanks!
Asked by: thetraveler359
 
Mike Kline Commented:
The issue is that the screensaver is a user-based setting (wish it could be both). Check out this question I was a part of:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_24918620.html

The loopback method that OBDA suggested should work for you on that box.

Thanks

Mike
 
jsdray Commented:
Can you remove the screensaver setting from DEFAULT and create a new GPO for Screensaver on the OU(s) all your computers are in... except this one...?
 
thetraveler359 (Author) Commented:
Any idea, though, why blocking inheritance doesn't seem to be working?  It's still reporting that the default policy is being applied and not the one I created for this computer.
 
Mike Kline Commented:
You are blocking inheritance against the computer policies for that box, but the user policies would still apply.

Do you log in with one user on that box?  You can put that user in an OU and block or use security filtering on that GPO to deny that user.

More on security filtering here: http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html

Thanks

Mike
 
thetraveler359 (Author) Commented:
Right! That's what I was missing. I created a user and added them to the OU and it works! Thanks.
 
Mike Kline Commented:
Excellent, glad to help out.
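The loopback approach mentioned in the thread, sketched with the GroupPolicy PowerShell module. This is an added example, not code from any participant; the domain, OU path and GPO name are placeholder assumptions. It puts the user-side screensaver settings in a GPO linked to the computer's OU, turns on loopback Replace so those user settings follow the machine rather than the account, and then lists any Enforced links from above, which "block inheritance" does not stop.

```powershell
#Requires -Modules GroupPolicy
# Added example. All names below are placeholders (assumptions), not values from the thread.
$Domain  = 'example.test'
$KioskOU = 'OU=LobbyDisplay,DC=example,DC=test'   # OU that holds only the display PC
$GpoName = 'Lobby Display - Kiosk'

# Create the GPO once; reuse it on later runs.
$gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Domain $Domain }

# Computer side: loopback processing. 1 = Merge, 2 = Replace.
# Replace builds the user's policy only from GPOs that apply to the computer.
Set-GPRegistryValue -Name $GpoName -Domain $Domain `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# User side: screensaver off and no password on resume. These are per-user
# policy values, which is why a computer-only GPO never changed them.
$desktop = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
foreach ($valueName in 'ScreenSaveActive', 'ScreenSaverIsSecure') {
    Set-GPRegistryValue -Name $GpoName -Domain $Domain -Key $desktop `
        -ValueName $valueName -Type String -Value '0' | Out-Null
}

# Link the GPO to the kiosk OU (if not already linked) and block inheritance there.
$inh = Get-GPInheritance -Target $KioskOU -Domain $Domain
if ($inh.GpoLinks.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Domain $Domain -Target $KioskOU -LinkEnabled Yes | Out-Null
}
Set-GPInheritance -Target $KioskOU -Domain $Domain -IsBlocked Yes | Out-Null

# Check: what still reaches this OU? Enforced links above it ignore the block.
$inh = Get-GPInheritance -Target $KioskOU -Domain $Domain
$inh.InheritedGpoLinks | Select-Object Order, DisplayName, Enabled, Enforced | Format-Table -AutoSize
$leaks = $inh.InheritedGpoLinks | Where-Object { $_.Enforced -and $_.DisplayName -ne $GpoName }
if ($leaks) {
    Write-Warning ("Enforced GPOs still apply despite block inheritance: " +
        ($leaks.DisplayName -join ', '))
}
```

With loopback Replace, every account that logs on to that PC, including an administrator remoting in, gets the kiosk user settings. On the client, `gpupdate /force` followed by `gpresult /r /scope user` shows which GPOs supplied the user settings.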