Loopback processing not working
- From: ToChuck123 <ToChuck123@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Jan 2008 18:03:02 -0800
Hi all. I tried replying to a similar thread, but that doesn't seem to have
worked so I'm trying to post a new thread.
Here is the situation (it is almost identical to the situation described by
scott7).
Our workplace is increasing its security policies and we want everyone to
have their computer lockout after 15 min of inactivity (going to the
screensaver). However, there are some lab computers that should not follow
this rule as there are safety concerns.
I understand that loopback processing within a policy is the route to go for
this situation, and I have read up on it and tried to implement it. However,
I have not had any success with it.
Here is what I have done:
- I have a screensaver policy that is filtered to 3 security groups which
cover just about everyone in our active directory. Here is a list of
settings:
Administrative Templates
Control Panel/Display
Policy Setting
Password protect the screen saver Enabled
Screen Saver Enabled
Screen Saver executable name Enabled
Screen Saver executable name scrnsave.scr
Policy Setting
Screen Saver timeout Enabled
Number of seconds to wait to enable the Screen Saver seconds:
900
This policy works (much to the chagrin of most of our employees).
- I have a second policy that I'm using to "turn off" the screensaver policy
via loopback processing. As I am testing, I'm not disabling the screensaver,
but rather specifing a different one so that the changes are apparent. Once
I get it working properly, I'll change it so that the screensaver is
disabled. The policy is applied to my computer (not a group, but when I get
it working I'll apply it to a group of computers we want to disable the
screensaver). Here are the settings for that policy:
Computer Configuration (Enabled)
Administrative Templates
System/Group Policyhide
Policy Setting
User Group Policy loopback processing mode Enabled
Mode: Merge
User Configuration (Enabled)
Administrative Templates
Control Panel/Display
Policy Setting
Password protect the screen saver Disabled
Screen Saver Enabled
Screen Saver executable name Enabled
Screen Saver executable name ssstars.scr
Policy Setting
Screen Saver timeout Disabled
When I use the modeling wizard, using my AD username, my computername, and
enabling loopback processing, the simulation reports that both policies are
being applied. However, when I log into my computer (using my AD username)
the "turn off" policy is not overriding the "turn on" policy (i.e. I don't
get the stars screensaver). If I change the security filtering to my AD
username (rather than my computername), I get the stars screensaver. But, of
course, this is not what I need to happen.
From what I've read from Microsoft and the various forums on the net, theloopback processing should be pretty straightforward. I have no idea what
I'm missing here. I've had one of our other IT network people work with me
on this and neither of us see what we are doing wrong.
Any help would be most appreciated.
Thanks in advance
Chuck
.
- Follow-Ups:
- Re: Loopback processing not working
- From: Paul Bergson [MVP-DS]
- Re: Loopback processing not working
- Prev by Date: RE: ScreenSaver timeout problem via GPO
- Next by Date: Re: Migrating NT accounts with SID History - What happens when old domain is removed?
- Previous by thread: AD query filter
- Next by thread: Re: Loopback processing not working
- Index(es):
Relevant Pages
|
