Group Policy Question
Please put me out of my misery.
All my user accounts are in one OU and my computer accounts are in another. I have configured a GP so that each users workstation locks after 10 minutes of inactivity. This works fine.
I would like this to occour on ALL workstations, so I linked the GP to the Users OU and all is OK.
BUT , when users logon to a particular computer, i do not want the workstation to lock (it plays DVD's onto a projector).
I know I can put the single computer into its own OU, with its own GP settings, but the display/screensaver settings are in the User part of GP.
I am trying to work out the easiest way to stop the user settings taking effect when they use the single workstation. I would like all other GP settings for the users to be applied to the single computer except the screen lock.
I am sure its simple and I am just having a mental block.....
help please
All my user accounts are in one OU and my computer accounts are in another. I have configured a GP so that each users workstation locks after 10 minutes of inactivity. This works fine.
I would like this to occour on ALL workstations, so I linked the GP to the Users OU and all is OK.
BUT , when users logon to a particular computer, i do not want the workstation to lock (it plays DVD's onto a projector).
I know I can put the single computer into its own OU, with its own GP settings, but the display/screensaver settings are in the User part of GP.
I am trying to work out the easiest way to stop the user settings taking effect when they use the single workstation. I would like all other GP settings for the users to be applied to the single computer except the screen lock.
I am sure its simple and I am just having a mental block.....
help please
Isn't Bill such a Great Guy!!!!
Comments
-
NetAdmin2436 Member Posts: 1,076Or just deny 'apply group policy' to that particular computer in that GPO's setting. I have the same sort of thing setup with our conference room computer.WIP: CCENT/CCNA (.....probably)
-
Claymoore Member Posts: 1,637Yes, Group Policy Loopback Processing is what you want. I used the example of changing the screensaver timeouts on a conference room PC in an earlier post about loopback processing.
http://www.techexams.net/forums/mcts-mcitp-windows-2008-general/50610-loopback-process-why-call-loopback-how-loopback.html -
SWM Member Posts: 287Thanks for the replies.
I have used loopback processing before (on our terminal server) and it works well, but wont it just allow an existing "user settings" gp be applied to a computer.
Because I want to have all user settings except one applied, I assume I will have to create a new group policy object with all the user settings except the "windows lock" and link it to the OU where my one computer lives.
I was hoping to have minimal GP objects in our domain.Isn't Bill such a Great Guy!!!! -
Hyper-Me Banned Posts: 2,059Thanks for the replies.
I have used loopback processing before (on our terminal server) and it works well, but wont it just allow an existing "user settings" gp be applied to a computer.
Because I want to have all user settings except one applied, I assume I will have to create a new group policy object with all the user settings except the "windows lock" and link it to the OU where my one computer lives.
I was hoping to have minimal GP objects in our domain.
Use the loopback processing, in the same GPO as the loopback change the one setting you want to be different and set the Loopback mode to MERGE -
snadam Member Posts: 2,234 ■■■■□□□□□□
Because I want to have all user settings except one applied, I assume I will have to create a new group policy object with all the user settings except the "windows lock" and link it to the OU where my one computer lives.
I was hoping to have minimal GP objects in our domain.
To my knowledge, if we are talking 2003 GPOs (not sure about 2008 ), then its an all or nothing thing when it comes to User or Computer settings in a GPO being applied. As you stated, you would have to create a new GPO with that particular setting, apply and filter accordingly.**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security -
Hyper-Me Banned Posts: 2,059It would take less than a minute to do what Dynamik, Claymoore and myself have said.
-
snadam Member Posts: 2,234 ■■■■□□□□□□It would take less than a minute to do what Dynamik, Claymoore and myself have said.
Very true.
Maybe I read too much into it, but it sounds like he doesn't want to use loopback processing.
if you use loopback processing in merge mode, it will merge the "user settings" of the user and computer. If there is a conflict, the GPO "user settings" applied to the Computer will win. Therefore, if you made a GPO with loopback processing merge mode and the windows display settings, and link it to the OU with that PC; it will override the user GPO with the particular user setting that will initiate the screen saver when they log in.
In fact, you would have to disregard my previous post because I did not read the part where the PC in question is in its own OU and nothing else.**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security -
Hyper-Me Banned Posts: 2,059He wants the one applied to the computer (via loopback) to win, because hes overriding the screensaver setting.
Or am i missing something? -
snadam Member Posts: 2,234 ■■■■□□□□□□He wants the one applied to the computer (via loopback) to win, because hes overriding the screensaver setting.
Or am i missing something?
youre not, Which is why I said disregard my previous post. I did not read the info in full.**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
:study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security -
SWM Member Posts: 287thanks for all the replies..
loopback is working greatIsn't Bill such a Great Guy!!!!