Russ-
Not Configured essentially means 'do nothing', so to undo
an enabled setting, you have to set the downstream GPO to Disabled. In your
case, I'm assuming you're controlling the screensaver through User
Configuration|Admin Templates. If that's the case, then your deny ACEs need to
be on a user group, since its the users that process this policy.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Friday, May 14, 2004 12:57 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] GPO troubles
Sensitivity: Private
We have password
protected screensavers enabled in our default domain policy, and then at a lower
OU level, I have a GPO linked that is set to Screen Savers "Not
configured". Basically, we want all users to have password protected
screensavers except a select few
machines.
So, I created a
security group called "No Screensaver" and added computer accounts that we don't
want screensavers to be enforced on. Then I went into our default domain
policy, and added deny read and deny apply gpo to this No Screensaver
group. The GPO that IS applied only to the No Screensaver group has all
the screen saver settings set to "Not configured" and the Password Protect the
Screensaver GPO is "Disabled".
Once a GPO is applied
to a PC, do you have to "Disable" it to unapply it, or will setting it to "Not
configured" put it back to normal?
I added my computer to
this No Screensaver group, and still my screen saver settings and buttons are
greyed out and it will not let me change it.
Thanks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |