S
Steve Stormont
I first tried to setup a default screensaver policy in the "Default
Domain Policy" but it was only sent out to some PCs. I then went ahead and
created a new GPO called "Screensaver Policy". In that policy, I have
changed the following settings:
User Configuration -> Administrative Templates -> Control Panel ->
Display
Hide Screen Saver tab = Enabled
Activate Screen saver = Enabled
Screen saver executable name = Enabled (logon.scr)
Password protect the screen saver = Enabled
Screen Saver Timeout = Enabled (1800 seconds)
Security on the policy only has a Universal Security Group which each
user is a member of and the group has "read" and "apply group policy"
permission set. ( I can use a security group for this, correct? I can't
only use an OU?)
The settings are being used on some PCs, but not others. I have tried
to run secedit /refreshpolicy user_policy /enforce and then waited ten
minutes. I then ran gpresult with the /s switch and got this:
The user received "Registry" settings from these GPOs:
Screensaver Policy
Revision Number: 5 (Active Directory) 0 (Sysvol)
Unique Name: {removed}
Domain Name: omni.imsweb.com
Linked to: Domain (DC=omni,DC=imsweb,DC=com)
But next it says:
The following settings were applied from: Screensaver Policy
And it doesn't list the actual keys like it does on other PCs.
I last made changes 1 1/2 days ago, so any changes should have
propogated by now (we have the default group policy refresh time set).
Possibly related, while looking at the results from gpresults, it shows
a old logon script specified and there are some old GPO Names that we don't
use anymore in the Application Management section. Where are they coming
from? They don't show up in the Current group Policy Object links for out
domain.
Steve
Domain Policy" but it was only sent out to some PCs. I then went ahead and
created a new GPO called "Screensaver Policy". In that policy, I have
changed the following settings:
User Configuration -> Administrative Templates -> Control Panel ->
Display
Hide Screen Saver tab = Enabled
Activate Screen saver = Enabled
Screen saver executable name = Enabled (logon.scr)
Password protect the screen saver = Enabled
Screen Saver Timeout = Enabled (1800 seconds)
Security on the policy only has a Universal Security Group which each
user is a member of and the group has "read" and "apply group policy"
permission set. ( I can use a security group for this, correct? I can't
only use an OU?)
The settings are being used on some PCs, but not others. I have tried
to run secedit /refreshpolicy user_policy /enforce and then waited ten
minutes. I then ran gpresult with the /s switch and got this:
The user received "Registry" settings from these GPOs:
Screensaver Policy
Revision Number: 5 (Active Directory) 0 (Sysvol)
Unique Name: {removed}
Domain Name: omni.imsweb.com
Linked to: Domain (DC=omni,DC=imsweb,DC=com)
But next it says:
The following settings were applied from: Screensaver Policy
And it doesn't list the actual keys like it does on other PCs.
I last made changes 1 1/2 days ago, so any changes should have
propogated by now (we have the default group policy refresh time set).
Possibly related, while looking at the results from gpresults, it shows
a old logon script specified and there are some old GPO Names that we don't
use anymore in the Application Management section. Where are they coming
from? They don't show up in the Current group Policy Object links for out
domain.
Steve