none
GPO to Launch Password Protected Screensaver after 15 mins of idle time activates at 5 mins.

    Question

  • I am experiencing a rather perplexing problem. I have (2) GPOs that enable and set the timeout period for password protected screensaver. One GPO sets the screensaver timeout to (300) and the other (900). However, despite what i believe to be correct membership assignment, ALL users get a timeout value of (300) despite what Group Policy Modeling tells me they should get.

    The screensaver timeout of (300) is being set in a Policy called RDS Lockdown as part of numerous settings designed to prevent users from making a mess of the RDS server. RDS Lockdown is being applied to all users EXCEPT those in the Domain Admins group. The screen saver timeout of (900) is being set in a GPO called RDS Timeout. This policy only applies to members of the AD Group RDS Timex. All members of this group are also members of other groups that would make them subject to both GPOs.

    To ensure members of the RDS Timex group received the correct timeout settings, I set the priority of the RDS Time out GPO to be highest of all GPOs. When I run a Group Policy Modeling wizard against users that are members of the RDS Timex group, the resulting policy looks correct; all settings relating to screen saver inactivity and password protection are being applied from the RDS Time Out GPO, not the RDS Lockdown GPO. yet EVERYONE except Domain Admins has the screen saver timeout kicking in after (300).

    Here is what the RDS Time Out GPO has set under User Configurtation\Policies\administrative templates\control panel\Personalization:

    Enable Screensaver: Enabled

    Force Specific Screensaver: Enabled (Mystify.scr)

    Password protect the screensaver: Enabled

    Screensaver timeout: Enabled (900)

    And Here is what RDS Lockdown has set :

    Enable Screensaver: Enabled

    Force Specific Screensaver: Enabled (Mystify.scr)

    Password protect the screensaver: Enabled

    Screensaver timeout: Enabled (300)

    Oh, forgot to mention ... This is a Windows 2012 R2 RDS server in a Windows 2012 R2 domain.

    Can anyone point me in the right direction to a fix? 



    • Edited by ManOfBronze Monday, February 2, 2015 8:37 PM
    Monday, February 2, 2015 8:33 PM

All replies

  • Run "gpresult /h report.html" on the computer in question to see what policy is applying the value. You likely have the ordering inverted on the GPO.

    Alan Burchill (MVP)
    http://www.grouppolicy.biz

    @alanburchill

    Monday, February 2, 2015 11:36 PM
  • Hi,

    Could you please let us know if you check the detail information according to the gpresult just as Alan indicated?

    If you have any concern, feel free to post us.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 5, 2015 7:18 AM
    Moderator