HantsColl
asked on
Group Policy Poilcy For A Single user.
Hi,
I have a user who does not want their screen to lock. How would I go about applying a policy to them to stop this from happening. Bearing in mind they are part of a bigger group. I know which policy I need to apply, but am unsure how to apply the policy to only work with them.
Any ideas?
Thanks
I have a user who does not want their screen to lock. How would I go about applying a policy to them to stop this from happening. Bearing in mind they are part of a bigger group. I know which policy I need to apply, but am unsure how to apply the policy to only work with them.
Any ideas?
Thanks
I assume you have a GPO that sets their screen to lock. If so, do this:
1. Create a security group named something like Exclusion: NAME of GPO. Add this user to the group.
2. Edit the GPO that sets their screen to lock. Click on the Delegation tab. Then select advanced. Add this group and deny them the "Apply Group Policy" permission.
Here is a nice (I'm slightly bias toward it) article explaining delegation and other troubleshooting steps:
https://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11009-10-Ways-to-Troubleshoot-Group-Policy.html
1. Create a security group named something like Exclusion: NAME of GPO. Add this user to the group.
2. Edit the GPO that sets their screen to lock. Click on the Delegation tab. Then select advanced. Add this group and deny them the "Apply Group Policy" permission.
Here is a nice (I'm slightly bias toward it) article explaining delegation and other troubleshooting steps:
https://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11009-10-Ways-to-Troubleshoot-Group-Policy.html
ASKER
Thank you for your responces. The user will be logging onto mulitpule machines ( that are in the same group ). Which other policys would I need to apply in order to stop the machines from locking.
I have tried applying a policy to the computer group, unfortunately what I tried did not work and the machine locked after 10 minutes.
Thank you
I have tried applying a policy to the computer group, unfortunately what I tried did not work and the machine locked after 10 minutes.
Thank you
Silly question, but are you sure that when testing, the machine you used had updated GP? When performing GP tests, I always run gpupdate on both the DC and and the test machine, then even restart the machine.
It would be a USER based policy applied to the USER.
One way would be to create a new GPO and set the screensaver to disabled. In the "Scope" tab of the GPO, you would remove "Authenticated Users" from the Security Filtering box, and add the user's name. Make sure that the GPO precedence is near the top (1). Then apply the GPO at the root OU (where users are located). This would enable the user to have open screensaver regardless of where he logs on.
One way would be to create a new GPO and set the screensaver to disabled. In the "Scope" tab of the GPO, you would remove "Authenticated Users" from the Security Filtering box, and add the user's name. Make sure that the GPO precedence is near the top (1). Then apply the GPO at the root OU (where users are located). This would enable the user to have open screensaver regardless of where he logs on.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The issue is that the screensaver is user based setting (wish it could be both). Check out this question I was a part of
https://www.experts-exchange.com/questions/24918620/How-do-I-block-the-screensaver-group-policy-to-a-particular-Container-in-Active-Directory-I-don't-want-this-group-policy-to-apply-to-the-Unmanged-container-which-contains-kiosk-computers-screenshot.html
The loopback method that OBDA suggested should work for you on that box
Thanks
Mike