none
Unable to locate group policy that is being applied

    Question

  • Hi 

    We have a GPO that is being applied which is configuring a lock screen (screensaver) to run every 10 minutes.

    I actually want to remove this policy however cannot find it. I have been through every GPO with the thinking that the policy may be embedded within another GPO with a different purpose, however i couldn't find it.

    The following registry setting is being assigned on the client-end after every gpupdate

    User level

    "

    Windows Registry Editor Version 5.00


    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
    "SCRNSAVE.EXE"="%windir%\\system32\\scrnsave.scr"
    "ScreenSaveTimeOut"="600"
    "ScreenSaverIsSecure"="1"

    "

    I have ran a Gpresult and RSOP (from client end) and searched the group policy key in the registry on the DC to check the GPO history, however couldn't find anything.

    We are using Windows Server 2008 R2 and clients are using windows 7 x86 and x64.

    Any advice would be much appreciated.

    Thanks

    Matthew

    Tuesday, June 14, 2016 1:47 PM

Answers

All replies

  • > The following registry setting is being assigned on the client-end after
    > every gpupdate
     
    Then examine the "gpresult /h report.html" for the originating policy.
     Greetings/Grüße, Martin -
    Mal ein gutes Buch über GPOs lesen? -
    Good or bad GPOs? My blog - http://evilgpo.blogspot.com
    And if IT bothers me? Coke bottle design refreshment -
     
    Tuesday, June 14, 2016 2:56 PM
  • Hi,

    There is an easy way to check where it originates from. You can run gpedit.msc. YOu can then navigate to the screensaver settings at User Configuration\Administrative Templates\Control Panel\Display\

    You will see something like that:

    You can then pay attention to the icon near the setting. It can be like a server with a scroll or a piece of paper:

    The first one means that is is from a GPO the second one that it is configured locally. Once you have identified that it is configured by a GPO you can navigate to the same setting in RSOP and see what GPO it is originating from. If you see that it is local setting then you can change it right there.

    Regards

    Tuesday, June 14, 2016 3:39 PM
  • Hi All

    Thanks for the feedback so far, however there isn't a entry in RSOP or GPEDIT for the screensaver which is strange. 

    Tuesday, June 14, 2016 3:51 PM
  • There also isn't a policy for this when running gpresult /h report.html. However  i checked each GPO that was being applied (seen in report.html) but no joy
    Tuesday, June 14, 2016 3:55 PM
  • > There also isn't a policy for this when running gpresult /h report.html.
    > However  i checked each GPO that was being applied (seen in report.html)
    > but no joy
     
    Then things are getting complicated... Kidding :-)
     
    Delete the registry values. Enable GPSVC debug logging.
    Run process monitor with a filter for one of the keys.
    Then run gpupdate.
    In process monitor, identify the exact timestamp when the key is last
    written. In the gpsvc.log examine all entries that correspond to this
    timestamp.
     --
    Greetings/Grüße, Martin -
    Mal ein gutes Buch über GPOs lesen? -
    Good or bad GPOs? My blog - http://evilgpo.blogspot.com
    And if IT bothers me? Coke bottle design refreshment -
     
    Wednesday, June 15, 2016 7:24 AM
  • ok.

    Were all the machines built from an image? Is the setting baked into the local group policy on the machine?

    on one of the machines run gpedit.msc

    Go to User Configuration > Admin Templates > Control Panel > Personalization

    Check if anything is present there?

    Russ


    • Edited by russgs Wednesday, June 15, 2016 12:04 PM Grammar!
    Wednesday, June 15, 2016 12:02 PM