Hello all,
We have all our computers and users in Active Directory split between different OU’s that represent out different departments. This way we can create gpo’s and link them to the relevant departmental OU. We have a screensaver user policy which turns on the screensaver after a period of inactivity which we have linked at the top of the active directory hierarchy so that it filters down to all the users.
Like this.
--Organisation -------------> Screen saver policy applied here
----department1
--------user1
--------user2
--------computer1
--------computer2
--------computer3
--------computer4
----department2
--------user3
--------user4
--------computer5
--------computer6
--------computer7
----department3
--------user5
--------user6
--------computer8
--------computer9
We now need to exclude certain computers from the screensaver policy, for example let’s say computers 3,5 and 8. We can’t move the affected computers into another new OU as they then wouldn’t pick up their departmental gpo which are applied at the departmental ou level. What’s the best way to go about this?
This is what I’ve tried to do so far. I’ve created another gpo (screensaver override) which has the user group policy loopback processing mode setting enabled and set the screensaver to be disabled. I then linked this at the same level as the existing screen saver policy and ensured it was set as a higher priority link order so that it overwrote the existing screensaver policy. To ensure that the policy only applied to the computers I wanted it to I added the affected computers to the security filtering box for the screensaver override policy.
This doesn’t work though. If I leave the default Authenticated Users group in the security filtering box alongside the computers the policy applies to everyone, if I remove the authenticated users group it applies to no one. I’m guessing as the screensaver policy is a user policy it’s only looking at users and is ignoring my computers.
We have all our computers and users in Active Directory split between different OU’s that represent out different departments. This way we can create gpo’s and link them to the relevant departmental OU. We have a screensaver user policy which turns on the screensaver after a period of inactivity which we have linked at the top of the active directory hierarchy so that it filters down to all the users.
Like this.
--Organisation -------------> Screen saver policy applied here
----department1
--------user1
--------user2
--------computer1
--------computer2
--------computer3
--------computer4
----department2
--------user3
--------user4
--------computer5
--------computer6
--------computer7
----department3
--------user5
--------user6
--------computer8
--------computer9
We now need to exclude certain computers from the screensaver policy, for example let’s say computers 3,5 and 8. We can’t move the affected computers into another new OU as they then wouldn’t pick up their departmental gpo which are applied at the departmental ou level. What’s the best way to go about this?
This is what I’ve tried to do so far. I’ve created another gpo (screensaver override) which has the user group policy loopback processing mode setting enabled and set the screensaver to be disabled. I then linked this at the same level as the existing screen saver policy and ensured it was set as a higher priority link order so that it overwrote the existing screensaver policy. To ensure that the policy only applied to the computers I wanted it to I added the affected computers to the security filtering box for the screensaver override policy.
This doesn’t work though. If I leave the default Authenticated Users group in the security filtering box alongside the computers the policy applies to everyone, if I remove the authenticated users group it applies to no one. I’m guessing as the screensaver policy is a user policy it’s only looking at users and is ignoring my computers.
![[smarty]](/data/assets/smilies/smarty.gif "[smarty] [smarty]")
Hard work often pays off over time, but procrastination pays off right now!
