Options

Group Policy Issue

the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
in Off-Topic
The new VP decided that we must have screen saver locking on all of our machines after 15 minutes of non-use. We created that policy and it works perfectly. Of course the minute we do this, the one offs begin. Accounting and HR are now complaining that it needs to be 5 minutes for them. We created another policy, removed authenticated users, and added just the Accounting/HR group with a policy of 5 minutes. For some reason the policy still does not apply and they are getting the one for 15 minutes. I thought perhaps if I changed the order, so the the 5 minute policy was first that would do it, but in testing with my account it is still 15 minutes. Any ideas?
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
· Share on FacebookShare on Twitter

Comments

  • Options
    TackleTackle Member Posts: 534
    Is "Apply Group Policy" checked for the HR/Accounting groups under the Advanced Delegation?
    · Share on FacebookShare on Twitter
  • Options
    ClaymooreClaymoore Member Posts: 1,637
    Please don't use security group filtering in GPOs. It slows down GPO processing and makes for messy GPO troubleshooting. Same goes with the Enforced and Block Inheritance options - those should be for the very rare exceptions. If you regularly have to make use of those options, your OU structure is wrong.

    If the Accounting/HR folks need a different policy, they should be in a separate OU. A GPO applied to an Accounting OU under your general Accounts OU will take precedence over the higher-linked GPO in Accounts. Unless that higher GPO has the Enforced option checked (formerly No Override), which means those GPO settings will apply over the lower OUs.

    The next exception you will be asked to create is to change the timeout for special purpose computers like conference room PCs. Since the screen saver timeout is a user option, you will need to create a separate GPO for those workstations and use Loopback processing to apply those special user settings when a user logs on to that PC.

    You can use the Group Policy Modeling wizard to test the winning GPOs and applied settings before you have to get users involved in the testing.
    Clay Moore's Blog
    · Share on FacebookShare on Twitter
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    You nailed it on the head, the next request was for the conference room pcs. Unfortunately we do not have enough access to create an OU within our OU. Oh well VP's problem, not mine.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
    · Share on FacebookShare on Twitter
Sign In or Register to comment.