Re: Disable Lock Computer on most computers but not all?

From: Dmitry Korolyov [MVP] (d__k_at_removethispart.mail.ru)
Date: 04/27/04


Date: Wed, 28 Apr 2004 00:01:59 +0400

Normally, you can use security filtering for the GPO to accomplish that.
Create a group (or use an existing one), then configure the GPO so that the
group has the "Apply policy" setting denied. Then just add the user accounts
that should not be affected to the group.

However, since "Disable lock workstation" is a User Configuration setting,
and you need to do that on a computer-dependent basis, you might need to use
security filtering in conjunction with loopback policy processing - when a
setting defined in User Configuration of the policy affecting the
computer account is actually applied to the user, instead of (or before) the
regular user's policies. This would still be a complicated config, however.

--
Dmitry Korolyov [d__k@removethispart.mail.ru]
MVP: Windows Server - Active Directory
  "Michael A. Covington" <look@www.ai.uga.edu.for.information> wrote in
  message news:Osa5f8ILEHA.2976@TK2MSFTNGP10.phx.gbl...
  Is there a way, through Group Policies, to disable Lock Computer on almost
  all the computers in a domain, but enable it on certain ones, including
  the domain controllers?
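
The setup described in the reply above, scripted with the GroupPolicy and ActiveDirectory PowerShell modules, as an added example that is not part of the original post. The GPO name, OU path and group name are hypothetical, and the group is assumed to hold the accounts that should keep Lock Computer.

```powershell
# Added example: GPO name, OU and group are hypothetical placeholders.
Import-Module GroupPolicy, ActiveDirectory

$gpoName  = 'Disable Lock Computer'               # hypothetical GPO name
$targetOu = 'OU=Workstations,DC=example,DC=com'   # hypothetical OU of the computers
$exempt   = 'GPO-Exempt-DisableLock'              # hypothetical exemption group

$gpo = New-GPO -Name $gpoName

# User Configuration: registry value behind the "Remove Lock Computer" policy.
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'DisableLockWorkstation' -Type DWord -Value 1 | Out-Null

# Computer Configuration: loopback processing so the user setting follows
# the computer (UserPolicyMode 1 = Merge, 2 = Replace).
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU that holds the computer accounts.
New-GPLink -Name $gpoName -Target $targetOu | Out-Null

# Security filtering: add a Deny ACE for the "Apply Group Policy" extended
# right on the GPO object for the exemption group.
$applyGpo = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$sid      = (Get-ADGroup -Identity $exempt).SID
$rule     = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
                $sid,
                [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
                [System.Security.AccessControl.AccessControlType]::Deny,
                $applyGpo)

$path = "AD:\$($gpo.Path)"        # Gpo.Path is the DN of the GPO container
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Check: list the Deny ACEs for "Apply Group Policy" now present on the GPO.
(Get-Acl -Path $path).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $applyGpo } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```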

