Solved

Group Policy Poilcy For A Single user.

Posted on 2013-01-11
6
328 Views
Last Modified: 2013-01-14
Hi,

I have a user who does not want their screen to lock. How would I go about applying a policy to them to stop this from happening. Bearing in mind they are part of a bigger group. I know which policy I need to apply, but am unsure how to apply the policy to only work with them.

Any ideas?

Thanks
0
Comment
Question by:HantsColl
6 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38767371
Does the user log into one machine or multiple machines?  The reason I ask is because the screen saver policy is a computer policy

The issue is that the screensaver is  user based setting (wish it could be both).   Check out this question I was a part of

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_24918620.html

The loopback method that OBDA suggested should work for you on that box

Thanks

Mike
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38767372
I assume you have a GPO that sets their screen to lock. If so, do this:

1. Create a security group named something like Exclusion: NAME of GPO. Add this user to the group.

2. Edit the GPO that sets their screen to lock. Click on the Delegation tab. Then select advanced. Add this group and deny them the "Apply Group Policy" permission.

Here is a nice (I'm slightly bias toward it) article explaining delegation and other troubleshooting steps:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11009-10-Ways-to-Troubleshoot-Group-Policy.html
0
 

Author Comment

by:HantsColl
ID: 38767456
Thank you for your responces. The user will be logging onto mulitpule machines ( that are in the same group ). Which other policys would I need to apply in order to stop the machines from locking.

I have tried applying a policy to the computer group, unfortunately what I tried did not work and the machine locked after 10 minutes.

Thank you
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 4

Expert Comment

by:mprssjpr
ID: 38767722
Silly question, but are you sure that when testing, the machine you used had updated GP? When performing GP tests, I always run gpupdate on both the DC and and the test machine, then even restart the machine.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 38767850
It would be a USER based policy applied to the USER.
One way would be to create a new GPO and set the screensaver to disabled. In the "Scope" tab of the GPO, you would remove "Authenticated Users" from the Security Filtering box, and add the user's name. Make sure that the GPO precedence is near the top (1). Then apply the GPO at the root OU (where users are located). This would enable the user to have open screensaver regardless of where he logs on.
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 300 total points
ID: 38769258
Edit:  I posted this prior to reading Thinks reply.  It basically reiterated what he posted.
I have a bit more details and screenshots, but it was that same thing Think post.

I hate to state this, but the GP Setting is not computer base, but User.

User Config > Admin template > Control Panel > Personalization > Password Protect ScreenSaver : Disable

GPO_ScreenSaver
You will need to scrope the GPO to only apply to that user.
After creating the GPO click on the Scope tab and remove the Authenticated User group and add the user you want to apply it to.
After that make sure that you place the GPO below the Standard GPO that contains the Screensaver so it overrides any other settings that the previous GPO ScreenSaver settings applied.

GPO_ScreenSaver02
The screenshot demonstrates the order of precedence.
Note if the GPO that has the Standard ScreenSaver setting is linked to a OU rather than the Domain then you will need to link the GPO to the same OU or child OU of the Standard Screensaver, but as stated earlier it must be lower in the order so it applies and will override the previous.
GPO_ScreenSaver03
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now