Jump to content


nodiaque

Disable Screensaver - loopback merge - Doesn't work

Recommended Posts

Hello,

 

I'm trying to set a GPO to disable the screensaver for all user on specific computer. My AD is configured liked that:

 

Root

+ - Computers (OU)

+ - - GPO_Computer - Windows

+

+ - Users (OU)

+ - - GPO_Users - Windows

 

All my users reside into the users OU, same for computers with the computers OU. Inside my "GPO_Users - Windows", I got these settings:

User configuration

+ Administrative templates

+ - Control panel \ Personalisation

Strategy

Activate Screensaver - Active

Timeout: 610 sec

Force specific screensaver: scrsave.scr

rRotect screemsaver with password: Active

 

(the name of the strategy policies might not be accurate, I translate them from my own language).

 

Now, this enable the screensaver "scrnsave.scr" (blank) for everyone in the OU "users" after 610 sec. This work.

 

I want to have an exception on specific computer. Right now, the way we do this is another GPO which disabled the screensaver on specific users. Thus, the screensaver is disable on any computer they go, not what we want.

 

So I tried creating a new computer gpo.

Root

+ - Computers (OU)

+ - - GPO_Computer - Windows

+ - - GPO_Computer - Disable Screen saver

+

+ - Users (OU)

+ - - GPO_Users - Windows

 

I put "GPO_Computer - Disable Screen saver" in first priority. I put a security filtering on an AD Group. The AD Group contain the computer I want to have the screensaver disabled. I also added "Authenticated users" for read only.

 

In the GPO, I set this:

Computer Configuration

+ Administrative templates

+ - System \ Group Policy

Strategy

Configure loopback processing: Merge

 

User configuration

+ Administrative templates

+ - Control panel \ Personalisation

Strategy

Activate Screensaver - Disable

Timeout: 0 sec

Force specific screensaver: "" (empty)

Protect screemsaver with password: Disable

 

 

Now, when I log onto the computer and check Windows configuration, I see the screensaver still set for blank after 610 sec with password.

 

When I run a gpresult, I see the loopback set to merge from "GPO_Computer - Disable screensaver", but the screensaver policy is winned by the gpo "GPO_Users - Windows". Aren't the computer suppose to win it over? What am I missing?

 

Thank you

Share this post


Link to post
Share on other sites


Ok, I got it!

 

PRoblem is, the user that log on the computer also need to have apply right in the security filtering. I added authenticated users (since this gpo isn'T applied to any users, I don't need to filter it) and now it work.

Share this post


Link to post
Share on other sites

Well, for anyone reading this, don't do what I said! Doing that apply the GPO to everyone... It seems authenticated users is also the computer itself.... So, back to square one...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...