none
Screen Saver and Interactive Logon RRS feed

  • Question

  • Hi All,

    In our organization we have enabled "Interactive logon Message" and "Screen Saver". This was enabled as per our management instructions.

    But we have a requirement from one of the Site which has manufacturing machines they don't need to enable the "Interactive Logon Message" and "Screen saver" the count of these machines are approx 10 machines and rest all are Office users machine on which we need to have "Interactive logon Message" and "Screen Saver".

    I would like to know is there any way where I can applied the same policy on bunch of computers and for 10 machines I can exclude.

    As we dont want to create a separate OU structure, Separate Group Policies for only 10 machines.

    Thanks


    Thanks HA

    Monday, July 29, 2013 5:27 AM

Answers

  • The best way to do this would be to add the 10 or so workstations to a Global Group in Active Directory (called something like Manufacturing Shop Floor Machines).

    Then, create a new GPO which overrides the Interactive logon message and screensaver settings, and link in wherever you need to in your OU Structure (clear the link enabled option for now so it doesn't interfere with other machines).  If this is the same level as your GPO which sets these settings for other workstations, make sure that your override GPO is higher in the Linked Group Policy Objects tab in your Group Policy Management console.

    Next, on the scope tab of your override GPO, remove the Authenticated Users Group, and add the new group you created for the computer accounts.  Then, just re-tick the link enabled option for your new GPO, and the new policy should override for these machines.

    This method won't have the performance impact of a WMI query, and won't make your AD Structure convoluted with extra OU's.

    • Marked as answer by Anup Ghonge Monday, July 29, 2013 5:08 PM
    Monday, July 29, 2013 1:36 PM
  • The recommended way for deploying another policy would be to place them in a separate OU.

    Otherwise you could use WMI filtering to exclude the 10 pc from the policy based on their hostnames. WMI filtering is per policy, not per setting, so you would still have to seperate the settings in another policy.

    http://technet.microsoft.com/en-us/library/cc779036%28v=ws.10%29.aspx

    Select * From Win32_ComputerSystem where (Name <> "etcetera" AND Name <>"etcetera2"...)


    However, allthough technically possible, it is, in my opninion, not a recommended configuration


    MCP/MCSA/MCTS/MCITP



    • Edited by SenneVL Monday, July 29, 2013 12:45 PM typo
    • Marked as answer by Anup Ghonge Monday, July 29, 2013 5:08 PM
    Monday, July 29, 2013 12:44 PM

All replies

  • The recommended way for deploying another policy would be to place them in a separate OU.

    Otherwise you could use WMI filtering to exclude the 10 pc from the policy based on their hostnames. WMI filtering is per policy, not per setting, so you would still have to seperate the settings in another policy.

    http://technet.microsoft.com/en-us/library/cc779036%28v=ws.10%29.aspx

    Select * From Win32_ComputerSystem where (Name <> "etcetera" AND Name <>"etcetera2"...)


    However, allthough technically possible, it is, in my opninion, not a recommended configuration


    MCP/MCSA/MCTS/MCITP



    • Edited by SenneVL Monday, July 29, 2013 12:45 PM typo
    • Marked as answer by Anup Ghonge Monday, July 29, 2013 5:08 PM
    Monday, July 29, 2013 12:44 PM
  • The best way to do this would be to add the 10 or so workstations to a Global Group in Active Directory (called something like Manufacturing Shop Floor Machines).

    Then, create a new GPO which overrides the Interactive logon message and screensaver settings, and link in wherever you need to in your OU Structure (clear the link enabled option for now so it doesn't interfere with other machines).  If this is the same level as your GPO which sets these settings for other workstations, make sure that your override GPO is higher in the Linked Group Policy Objects tab in your Group Policy Management console.

    Next, on the scope tab of your override GPO, remove the Authenticated Users Group, and add the new group you created for the computer accounts.  Then, just re-tick the link enabled option for your new GPO, and the new policy should override for these machines.

    This method won't have the performance impact of a WMI query, and won't make your AD Structure convoluted with extra OU's.

    • Marked as answer by Anup Ghonge Monday, July 29, 2013 5:08 PM
    Monday, July 29, 2013 1:36 PM