If you run GPRESULT on this system, does it show that the GPO to enable
screen saver is applied?
What you should be seeing is that this GPO is filtered out similar to
this:
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
ScreenSaver_Disable_GPO
Filtering: Not Applied (Unknown Reason)
Also, I agree that LoopBack processing should be enabled on the GPO, but I
don't think that is your problem right now.
YMMV
Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: [email protected]
Phone: 610-807-6459
Fax: 610-807-6003
From: David Lum <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Date: 07/21/2011 02:26 PM
Subject: GPO inheritance puzzler
1. At the root of my domain I have a GPO to enable screen saver and
set the timeout. Link is enabled but not enforced.
2. Lower down in my OU tree is an OU with blocked inheritance in it,
and linked to that OU is a GPO to disable the screensaver.
If I look at GP Inheritance on this OU I see what I’d expect – the
enforced GPO’s and the one GPO disable screensaver GPO. In theory the
screensaver should be disabled. Both GPO’s have the user configuration set
for the screensaver
If I run GP modeling on a system in this blocked inheritance OU, the GPO
that enables screensaver and sets timeout shows up as an applied GPO, and
the settings tab shows that the screensaver enabled and settings.
Both GPO’s have “authenticated users” in security filtering. How does the
root one win out over being blocked and the OU-specific GPO in its place?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
-----------------------------------------
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law. If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited. If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments. Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
