idle time exception

L

loo

I presently have idle time to disconnect set for 30 minutes via domain
controller security policy on 2000 sp4 .....is there anyway to make an
exception for administrators?

Would removing setting on the above then go into active directory ---
domain controllers -- properties --- group policy --- create a new group
policy object remove administrators and have policy only apply to user group
(would this then enforce on admins too) -- then in group policy in windows
settings --- security settings --- local policies -- security options and
change idle time limit?

And is there anyway by creating this new group policy object it will overide
the original group policy object .... i.e. if I remove administrators in the
second policy would I lose my abilities that are specified in the first
group policy object?

thanks for the help.
 
D

David Bullock [MSFT]

Hi Loo,
Please post this question to microsoft.public.win2000.active_directory for
best response.

--

David Bullock, MCSE, MCSA, A+
Windows NT/2000/2003 Setup Support

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.
 
T

Tim Springston \(MSFT\)

If you have the idle time for disconnect setting set in a GPO that applies
to all users, and you want to exclude a group from having this group policy
from applying to them, you can give a Deny Apply Group Policy permission to
that user or group in the Security folder tab of the Properties window of
that GPO.

Keep in mind that when you do this you will be preventing the entire GPO
from processing for that user or group which has the Deny Apply Group Policy
permission. The end result will be that no other settings from that GPO
will apply to that user or group either.
 
L

loo

Thank you very much
Tim Springston (MSFT) said:
If you have the idle time for disconnect setting set in a GPO that applies
to all users, and you want to exclude a group from having this group policy
from applying to them, you can give a Deny Apply Group Policy permission to
that user or group in the Security folder tab of the Properties window of
that GPO.

Keep in mind that when you do this you will be preventing the entire GPO
from processing for that user or group which has the Deny Apply Group Policy
permission. The end result will be that no other settings from that GPO
will apply to that user or group either.

--
Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows XP Logon script location 3
Incorrect GPResult result 3
Group Policy Preferences not mapping Printer in only 1 XP workstat 1
W2k3 Local Policy editing problem - pls help 23
Group Policy Problems on new xp pro machine w/ SP3 1
user and administrator policies 2
Restored System State and now I can't open Local Security settings 1
New GPO are failing 4

Top