Blocking GPO policy

Microsoft Windows server v2003 r2 standa...
April 5, 2010 at 15:35:39
Specs: Windows 2008 R2, 4ghz/128gb
We have a GPO policy that automatically locks
user desktops after 30 minutes. We have a small
group of users that need to have their desktops
unlocked at all times. How can I exclude people
from this policy so that there desktops are not
locked out?

Thank you,

Leto the just


See More: Blocking GPO policy

Report •


#1
April 9, 2010 at 22:12:56
There are two ways to do this. One, would be to remove the Allow attribute from the Authenticated Users group in the GPO delegation, then apply the policy to the group(s) of users you want.

The other option would be to use the Deny permission to Deny permission to this specific group. Be careful with Deny as it will take precendence over any other permission.


Report •

#2
April 15, 2010 at 11:40:23
Couldn't we use loopback processing on the policy and only
apply it to a specific group of users?

Thank you,

Leto the just


Report •

#3
April 22, 2010 at 20:29:26
I'm not sure loopback would apply here. If I remember correctly, the settings you need are all User settings in the GPO, right? So do you want the policy applied based on the user that is logging in or based on the computer they are logging in to?

Is the following true? No matter what computer User1 logs in to, you want their desktop locked after 30 mins. of inactivity? If so, loopback processing wouldn't help.

Or, are you saying that if User 1 logs into a specific machine, then don't lock the desktop? In that case, loopback processing might be the ticket.

Either way, I think you'll need to come up with a group of user to whom you want this policy applied.


Report •

Related Solutions


Ask Question