Group policy link order

I have a screen saver USER timeout set on default domain policy to 15min. This is inherited and applies to all users.
User accounts are in Staff OU
Workstation accounts are in Workstation OU
Server accounts are in Server OU

I want to set a different timeout to the same staff but to apply to servers only.
So when they login to their workstation its 15min, but same user on a server its 30min.

The issue here is that the timeout is a USER setting so putting it on my server group policy does not work because the users are not located in that OU, only server computer accounts are.
Putting it in the staff OU will apply to all staff but to all computers that staff logs into, workstation and server.
This is pointless since I already have it in default group policy and I don't want this.

unlike preferences this gpo setting doesn't have item level targeting.
So how do I enforce 2 different user settings to all users but on 2 different computer types?
1.The most common issue seen with Group Policy is a setting not being applied. The first place to check is the Scope Tab on the Group Policy Object (GPO). If you are configuring a computer side setting, make sure the GPO is linked to the Organization Unit (OU) that contains the computer. If the GPO configures a user side setting, it needs to be linked to the OU containing the correct user. Remember, GPOs cannot be linked to an OU that just contains security groups. You can use this PowerShell script to optimize your GPO links and ensure that they are properly linked.  

DCs are all win 2012, pcs are win 7, servers are 2008R2 and 2012.

Thanks
baysysadminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
use wmi filtering instead   for servers
select * from Win32_OperatingSystem where ProductType="2" or ProductType="3"
fpr desktops
select * from Win32_OperatingSystem where ProductType="1"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
Or loopback processing, since it'll apply to all staff.
0
baysysadminAuthor Commented:
Ive never used WMI filters.

The default name space was root\CIMv2 so I used that.

Ive applied the filter to my server GPO but this wont help me since the setting is USER based.

Does that mean in order to make this work I need 2 STAFF GPOs,  one with Server filter the other with workstation filter.
And then move remove the timeout USER setting from default domain policy and put it in the staff policy 1 and 2?
0
David Johnson, CD, MVPOwnerCommented:
Yes that is correct.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.