Re: can't override screen saver policy

---

• From: "Ken B" <none@xxxxxxxxxxxxx>
• Date: Thu, 21 Jul 2005 17:18:44 -0400

---

You're right in that the local policy gets applied first. The only thing is
later settings in the L, S, D, Ou order 'win'. So your domain policy won
out over the local policy... and the domain wins.

If you had a different policy on the OU, that one would win, provided your
domain policy did not have "No override" or "Enforced" checked off.

Easiest way I would think to get those computers to not apply the
screensaver policy would be to create a security group, add the computers to
that group, and then give that group Deny permission to Read & Apply the
policy on the security tab of the policy itself. This way you can
add/remove/edit the list at your own whim, and you'll have a listing of all
the computers that won't have that policy apply to them.

HTH

Ken

<lee.james@xxxxxxxxxxxxx> wrote in message
news:1121956401.102170.315600@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> We've enabled a mandatory screen saver policy and applied it at the
> domain level - it works as it's supposed to.
>
> There's a handful of machines we don't want this policy to apply to,
> and we don't want to muck around with GP permissions, or create
> exception OU's, play with GP deny settings etc.
>
> We should just be able to specify a local policy to override (as local
> is first in order or precedence).
>
> However we can't get it to work. Clients are XP SP2.
>
> I specify the settings locally, log off and on, tried rebooting as well
> - but when I check the registry key
> HKCU\SW\policies\Microsoft\Windows\Control Panel\Desktop it keeps
> showing the entries from the domain policy.
>
> What gives?
>


.

---

• Follow-Ups:
  • Re: Re: can't override screen saver policy
    • From: lforbes
  • Re: can't override screen saver policy
    • From: dcompton

• References:
  • can't override screen saver policy
    • From: lee . james

• Prev by Date: Re: Software Deployment with %logonserver%
• Next by Date: Custom COMPUETR certificate template is not showing up
• Previous by thread: can't override screen saver policy
• Next by thread: Re: can't override screen saver policy
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows 2000 - Local policy - deny logon loccaly ... and edit the local policy to remove the settings. ... In Windows 2000 Proffesional, SP4, I have changed in> Local policy settings -- deny logon locally. ... (microsoft.public.windowsxp.security_admin) Re: Replaing "lockdown" PCs with GPO ... the SCM only reset the computer settings and not the user configuation (at ... > local policy settings before letting GP manage the machine. ... (microsoft.public.win2000.active_directory) RE: Performance Option. ... Yes i am doing this via Local Policy and it didn't ... images of the settings... ... display settings, i.e. w/o the Mickey-Mouse/Tele-Tubbies ... (microsoft.public.windows.terminal_services) Re: local security policy in a 2003 Domain ... When settings are disabled like that in local policy, ... If I go in the local security policy,> security ... (microsoft.public.security) Re: Local Security Policy on domain controller? ... A google search for "security configuration templates" turns up a fair ... Some settings require a reboot and others don't. ... >> It's so close to affecting the local policy that I probably shouldn't ... >> it will affect local security policy, ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)