none
Computer based group policy to change display setting

Answers

All replies

  • Have you considered Group Policy Loopback Processing ?

    e.g.: http://evilgpo.blogspot.com.au/2012/02/loopback-demystified.html


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Sunday, March 08, 2015 11:49 PM
  • I have created a AD group  and put the 30 computers on that group inside an OU. I have created a GPO and linked that GPO to that OU. For computer side I have enable Administrative Template/System/Group policy- User Group Policy loopback precessing mode. And From User side I have configured Disable the display control Panel And Hide Setting Tab to Disable. In the Security Filtering I have added that particular computer group and in the Delegation tab (Advanced..) I have applied Read + Apply group policy to that particulat group.

    But Still log in users to that particular computers group can not change the Display settings

    Wednesday, March 11, 2015 9:49 PM
  • > Group Policy loopback precessing mode. And From User side I have
     
    "Replace" or "Merge"?
     
    > Disable. In the Security Filtering I have added that particular computer
    > group and in the Delegation tab (Advanced..) I have applied Read + Apply
    > group policy to that particulat group.
     
    Of course, if you want this GPO to apply to users, you need "Domain
    Users" in the security filtering, too :)
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Thursday, March 12, 2015 7:57 AM
  • @Martin,

    I have tried both with Replace and Merge.

    Of course I want to applied this GPO only to that particular group of computers.

    If I add users in the security filtering then it works for that particular users log in.

    But it does not work with computers if I add computers in the security filtering.



    • Edited by Alvi932 Thursday, March 12, 2015 8:09 AM
    Thursday, March 12, 2015 8:08 AM
  • User side I have configured Disable the display control Panel And Hide Setting Tab to Disable. In the Security Filtering I have added that particular computer group and in the Delegation tab (Advanced..) I have applied Read + Apply group policy to that particulat group.

    But Still log in users to that particular computers group can not change the Display settings

    These 30 computers - are these the computers where you want the users to be Allowed to change settings, or, Not-Allowed to change settings ?

    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Thursday, March 12, 2015 8:27 AM
    Thursday, March 12, 2015 8:26 AM
  • @Don,

    These 30 computers - are these the computers where I want the users to be Allowed to change settings

    Thursday, March 12, 2015 8:29 AM
  • @Don,

    These 30 computers - are these the computers where I want the users to be Allowed to change settings


    Umm, then you don't want to set the settings to "Disable.... and Hide...." for this scenario ?

    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Thursday, March 12, 2015 8:35 AM
  • > Of course I want to applied this GPO only to that particular group of
    > computers.
     
    No :) You want it to apply to all users logging on to that particular
    group of computers. So you enable loopback for those computers, and for
    this to work, you add the computer group to security filtering. And you
    configure the user settings, and for this to work, you MUST add domain
    users to security filtering....
     
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Thursday, March 12, 2015 10:54 AM
  • @Martin,

    I just want to make clear the scenerio.

    for examplme we have OU name" Marketing" which contains 100 windows 7 desktop computer.

    Inside this OU we have created 4 computer groups in the AD based on the computer location in the marketing department. for example MG1= 40 Computers, MG2= 30 Computers which have dual display, MG3= 15 computers and MG4= 15 Computes.

    There is a GPO applied to this "Marketing" OU which prevents users to change the control panel display settings.

    Now the situation is users log in to the MG2 needs to change the display settings. Thats why I have created a separed GPO "Display Config" GPO and linked with the "Marketing" OU. Then configured the Loopback processing mode in the computer side and associate user control panel setting in the user side. And added security filtering for MG2 computer group and from delegation control applied Read + Applied group policy.

    Now thing is if we add in any user in the security filtering, then  users can not  only  change MG2 but also can change display setting for all the computers in the Marketing OU (MG1, MG2, MG3, MG4).

    Friday, March 13, 2015 1:28 AM
  • > Now thing is if we add in any user in the security filtering, then
    > users can not  only  change MG2 but also can change display setting for
    > all the computers in the Marketing OU (MG1, MG2, MG3, MG4).
     
    Only if loopback is enabled on these other computers, too... You could
    create different OUs for those 4 groups instead of simply using security
    filtering.
     
    And to show you a different approach:
     
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Friday, March 13, 2015 8:24 AM