GPO Conflict - Help
i am having a real problem with the below GPOs
First Policy - Screen Saver Policy for all Authenticated Users in the domain, Set time out at 10 min
Second Policy - Screen Saver Policy for a set of computers for example conference room computers so anyone that logs to them the screen saver time out is set for 2 hours.
i have made second policy, lower link order and in the first policy i went into delegation and placed a deny group policy for a security group i created with the conference room computers.
but at the end of the day the first policy is still the one being pushed to the conference rooms all computers time out at 10min.
First Policy - Screen Saver Policy for all Authenticated Users in the domain, Set time out at 10 min
Second Policy - Screen Saver Policy for a set of computers for example conference room computers so anyone that logs to them the screen saver time out is set for 2 hours.
i have made second policy, lower link order and in the first policy i went into delegation and placed a deny group policy for a security group i created with the conference room computers.
but at the end of the day the first policy is still the one being pushed to the conference rooms all computers time out at 10min.
Enable loop-back processing.
ASKER
i enabled loop-back processing already
Create a group called meetingRoomComputers
Add your meeting room computers to this group named meetingRoomComputers
Add the group meetingRoomComputers to the screensaver timeout GPO
set the group permissions for meetingRoomComputers to deny read of the GPO for the 10 minute screensaver timeout policy.
Run gpupdate /force
You should be good to go.
Add your meeting room computers to this group named meetingRoomComputers
Add the group meetingRoomComputers to the screensaver timeout GPO
set the group permissions for meetingRoomComputers to deny read of the GPO for the 10 minute screensaver timeout policy.
Run gpupdate /force
You should be good to go.
ASKER
@nappy_d i did that exactly and still no go
Can you run the command rsop.msc on a machine that the policy should apply to.
let's see it it is actually even seeing the policy.
let's see it it is actually even seeing the policy.
ASKER
Already did that it's not evening there :(
Hmmm do you have the policy at the OU level containing the boardroom computers or is it inheriting it from an upper level?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then I think something is potentially blocking the inheritance of the policy. Apply the policy directly to the OU Containing the boardroom PCs. Refresh and see if the policies apply.
ASKER
no good answers
Screen saver is located in User configuration part of GPO, not Computer. If you log as some local user on those computers, does the screen time out after 10min or stay longer?
Are there some predefined user account that are used at those conference computers? If there are some, maybe you can create deny read for that group of users...
Regards,
Ivan.