idle time exception

  • Thread starter Thread starter loo
  • Start date Start date
L

loo

I presently have idle time to disconnect set for 30 minutes via domain
controller security policy on 2000 sp4 .....is there anyway to make an
exception for administrators?

Would removing setting on the above then go into active directory ---
domain controllers -- properties --- group policy --- create a new group
policy object remove administrators and have policy only apply to user group
(would this then enforce on admins too) -- then in group policy in windows
settings --- security settings --- local policies -- security options and
change idle time limit?

And is there anyway by creating this new group policy object it will overide
the original group policy object .... i.e. if I remove administrators in the
second policy would I lose my abilities that are specified in the first
group policy object?

thanks for the help.
 
Hi Loo,
Please post this question to microsoft.public.win2000.active_directory for
best response.

--

David Bullock, MCSE, MCSA, A+
Windows NT/2000/2003 Setup Support

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.
 
If you have the idle time for disconnect setting set in a GPO that applies
to all users, and you want to exclude a group from having this group policy
from applying to them, you can give a Deny Apply Group Policy permission to
that user or group in the Security folder tab of the Properties window of
that GPO.

Keep in mind that when you do this you will be preventing the entire GPO
from processing for that user or group which has the Deny Apply Group Policy
permission. The end result will be that no other settings from that GPO
will apply to that user or group either.
 
Thank you very much
Tim Springston (MSFT) said:
If you have the idle time for disconnect setting set in a GPO that applies
to all users, and you want to exclude a group from having this group policy
from applying to them, you can give a Deny Apply Group Policy permission to
that user or group in the Security folder tab of the Properties window of
that GPO.

Keep in mind that when you do this you will be preventing the entire GPO
from processing for that user or group which has the Deny Apply Group Policy
permission. The end result will be that no other settings from that GPO
will apply to that user or group either.

--
Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Back
Top