?
Solved

Issue with GPO Applying Correctly

Posted on 2014-09-22
2
Medium Priority
?
225 Views
Last Modified: 2014-09-23
Please see attached document for settings and structure. I need to disable the screensaver on all my conference room PC's, I I have a GPO the has both Computer settings and Users settings defined. My main user settings policy has only User Settings defined. I've tried Loopback with replace, but it completely replaces all User Settings with the Training GPO settings. I've tried merge, but it does not disable the screensaver. Any suggestions would be great.
C--Folder-Directory-GPO-Structure.docx
0
Comment
Question by:cornfedkiller
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Expert Comment

by:Radhakrishnan R
ID: 40336821
Hi,

I appears that the disable policies are override by other policies. Ie - There are few OU's just above the Training and conference room machines. So, those polices are having screen savers enabled. So, obviously it's overriding the disabled policies.

Simply right click the "Training and Conference Room Machines" OU and make it "Block Inheritance". Perform Gpupdate /force and reboot the machine. Check the issue and see it's getting the correct policy applied?
0
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 2000 total points
ID: 40337662
I'm gonna have to disagree with radhakrishan on this one.. generally the policies at the root will not override policies applied at the child levels unless the ones at the top are enforced. I wouldn't use block inheritance unless explicitly required.

So one thing about Screensavers/Desktop settings that I've found is that the USER settings work better than the COMPUTER settings. That means:

1) Your default screensaver settings should be a USER policy and be applied at the top level OU where the users are
2) Your training screensaver settings should be a USER policy (which you look live you've configured) and applied to the TRAINING Computers OU
3) In that Training OU, create a new policy where all it has in it is loopback processing enabled (this makes it easier for you to identify what OUs have loopback enabled vs digging into the GPO).

Also - try doing a merge instead of a replace and see what happens.

This should (in theory) make it so that any user that logs on a training computer gets the "no screensaver", but does not affect any machines outside that OU.

Either way, try making sure you are configured as above, and then log on a training workstation and run a gpresult or a RSoP and see what policies are applied (and at what inheritance order).
Check the links below to make sure you've configured loopback properly.. it can be a little tricky.

"2.Merge mode applies GPOs linked to the user object first, followed by GPOs with user settings linked to the computer object.
◦The order of processing determines the precedence. GPOs with users settings linked to the computer object apply last and therefore have a higher precedence than those linked to the user object.
◦Use merge mode in scenarios where you need users to receive the settings they normally receive, but you want to customize or make changes to those settings when they logon to specific computers.

3.Replace mode completely skips Group Policy objects linked in the path of the user and only applies user settings in GPOs linked in the path of the computer.  
Use replace mode when you need to disregard all GPOs that are linked in the path of the user object."

http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
http://blogs.technet.com/b/askds/archive/2013/05/21/back-to-the-loopback-troubleshooting-group-policy-loopback-processing-part-2.aspx
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question