none
How to control when/where screen saver settings are applied

    Question

  • I have a group policy set to enable the screen saver and require the password to unlock it. This works fine except that it applies to the user everywhere they log on. I would like to have more control over where and when it is applied. For example, I would like it to not be applied to particular workstations. I would like it to not be applied on an RDP session to a server. In other words, how can I have machine-specific control over a user-specific setting?
    Friday, April 29, 2016 5:28 PM

Answers

All replies

  • Hello,

    The tool you need is a Group Policy Loopback processing: https://support.microsoft.com/en-us/kb/231287

    It gives you an ability to use User Configuration section of a GPPO that is applied to a computer object, hence do exactly what you need.

    In your scenario, you can create several GPOs with different screen saver settings. Assign them to the containers with somputer objects that you need and enable Loopback processing settings for each of them. You will most likely use Merge loobpack processing mode (you can read about differences between Merge and Replace in the article mentioned above).

    Regards


    Saturday, April 30, 2016 2:17 PM
  • Hi,

    I agree with above. You could use the Loopback processing to achieve your goal.

    In addition, you could restrict the machine that those users could logon if those users are used to logon remotely.

    To restrict these machines that those users could logon, you could set the Log On To on properties of users.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 02, 2016 8:21 AM
    Moderator
  • Tuesday, May 03, 2016 4:06 PM