Re: can't override screen saver policy

I am having the same issue and the original post. I have tried adding the
setting at the OU level which is below the domain level, so that policy
should be applied. However, it seems that this setting is a user setting.
The users are in the user OU which is above the target computer OU. So they
don't get this policy setting. I have also tried setting the permissions to
allow access to only the specific machine accounts and that has no effect.
It only seems to care about the user portion.

Anyone have any ideas?

DC

"Ken B" wrote:

> You're right in that the local policy gets applied first. The only thing is
> later settings in the L, S, D, Ou order 'win'. So your domain policy won
> out over the local policy... and the domain wins.
>
> If you had a different policy on the OU, that one would win, provided your
> domain policy did not have "No override" or "Enforced" checked off.
>
> Easiest way I would think to get those computers to not apply the
> screensaver policy would be to create a security group, add the computers to
> that group, and then give that group Deny permission to Read & Apply the
> policy on the security tab of the policy itself. This way you can
> add/remove/edit the list at your own whim, and you'll have a listing of all
> the computers that won't have that policy apply to them.
>
> HTH
>
> Ken
>
> <lee.james@xxxxxxxxxxxxx> wrote in message
> news:1121956401.102170.315600@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > We've enabled a mandatory screen saver policy and applied it at the
> > domain level - it works as it's supposed to.
> >
> > There's a handful of machines we don't want this policy to apply to,
> > and we don't want to muck around with GP permissions, or create
> > exception OU's, play with GP deny settings etc.
> >
> > We should just be able to specify a local policy to override (as local
> > is first in order or precedence).
> >
> > However we can't get it to work. Clients are XP SP2.
> >
> > I specify the settings locally, log off and on, tried rebooting as well
> > - but when I check the registry key
> > HKCU\SW\policies\Microsoft\Windows\Control Panel\Desktop it keeps
> > showing the entries from the domain policy.
> >
> > What gives?
> >
>
>
>
.

Relevant Pages

  • Re: Preventing Policy applying to Computers
    ... You want to use loopback processing of group policy that will apply user ... Then disable the settings at the domain level that you do not want to apply ... to users in general logging onto other computers. ... > We have a remote office where the users connect using Remote Access ...
    (microsoft.public.win2000.group_policy)
  • Preventing Policy applying to Computers
    ... We have a remote office where the users connect using Remote Access ... We have a fairly simple policy at the domain level which prevents remote ... I have created an OU and moved the XP computers into it ...
    (microsoft.public.win2000.group_policy)
  • Re: Restrict computers user in an OU or Group can log on to
    ... If you don't want to overwrite local policy for user rights look into using the ... With over 1500 computers I don't feel like ...
    (microsoft.public.win2000.security)
  • Re: Group policy not happening
    ... First off account/password policy can only be set at the domain level so if those ... Otherwise check that the GPO for the OU is linked to the OU, ... > OU with my computers and users located inside. ...
    (microsoft.public.win2000.group_policy)
  • Not all GPOs are Applying
    ... I am running into an instance where not all of my client machines, ... I have a domain level GPO ... About 2/3 of the computers in the specific ... computers are not pulling the policy, ...
    (microsoft.public.win2000.group_policy)