Re: Automated logoff using Winexit.scr

Ok all. I have made progress, but still don't have the desired
finished result.

Instead of deploying, which I couldn't get working using a simple .bat
file, I was able to point the Usr Config\Adm Templ\Control
Pnl\Display\Screen Saver executable name to the file on a share and it
works!

Now the only problem is when users time out after inactivity, they get
an error regarding permissions for the following reg key:

HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\control.ini

Even though I add Authenticated users with the correct Special
permissions, export the .reg file to the share and have altered my .bat
file to the following single command:

Regedit.exe /s "\\server\share\file.reg"

The requisite permissions are not applying, and the user still gets the
error.

Does anyone have any ideas?

Please help if you can.

Thanks!

sax

saxophobe wrote:
Good Evening all,

I am trying to implement and automated logoff for all computers that
are not servers in our domain. I have tried creating a group policy
and linking it to a new OU called Desktops, but the policy doesn't
apply for some reason. To accomplish this I did the following:

1. Created a .bat file to download the winexit.scr screensaver file to
the C:\Windows\system32 dir from a share on the server
2. Created a custom Administrative Template to enable the settings for
the winexit.scr found here:
http://blog.case.edu/djc6/2005/03/09/automatically_log_off_users
3. Set all the settings to control the Screen Saver in the new policy,
including the ones in User Config > Administrative Templates > Control
Panel > Display

Now, I want to apply this to all desktops and laptops, even remote
ones, and not servers, but my settings don't seem to be applying, and
the .scr file is not being copied from the server, which has to happen
before some of the settings will take effect.

I have checked everything I can think of to get this to work; when I
run the .bat file on it's own, it works. I have made sure that
Authenticated Users have the Apply Group Policy permission defined.

Does this HAVE to be applied to the Default Domain Policy? If so, how
do I keep it from being applied to the servers? Do I have to apply a
WMI filter?

Any info on this would be appreciated.

Thanks to all that take the time to respond!

sax

.

Relevant Pages

  • Re: restricted groups frustration!
    ... Have you run GPMC Results wizard against one of the intended target servers to ensure they are actually processing that GPO and getting that particular setting. ... you could then enable security policy logging on one of the target servers to see what's up. ... If this is not the desired RSOP, you'll most likely want to create a new gpo with these settings in it and security filter it to 'Domain Computers', which avoids domain controllers. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Loopback Policy Not Taking Effect
    ... The fact that the *user* settings from the ... Lockdown GPO (which is linked to the OU containing the Terminal ... So I rebooted both of my Terminal Servers in hopes that the ... - I went to GP Management and Created a Loopback Policy as well ...
    (microsoft.public.windows.terminal_services)
  • Re: Domain Audit Policy not applying to one server
    ... settings are being applied from and do the same on one of the other servers ... if the local policy is being overridden by a policy with higher precedence. ... those servers that is using filtering to apply only to certain computers via the GPO ... included or is denied based on group membership or such. ...
    (microsoft.public.win2000.security)
  • Re: GP being filtered?
    ... I also see now that it is actually applying my settings to my domain users. ... to my Citrix servers so I have it linked to an OU that contains my ... Since you're linking the policy to an OU full of machines and configure ... You actually do this the same way in security filtering as you did with ...
    (microsoft.public.windows.group_policy)
  • Re: Local Policy Setting Grayed Out
    ... AD enforced policy settings override all ability to ... This GPO you would then edit the security settings on ... I have a Windows> Server 2003 machine which is in a OU called SERVERS at the root of my 2003> AD domain. ...
    (microsoft.public.windows.group_policy)
Loading