Disable Screen Saver Password for Machine

J

Jeff Smyrski

I am interested in disabling the screen saver password for one machine that
several users access under one log in. The problem that I have is if I
disable the password for this user based on the OU, then where ever the user
logs into which might be multiply machines the password protect option is
disabled.

I attempted then, to create a Machine policy for the OU only applying the
policy to the machine name, I moved the policy to the top of the list and
even attempted the no override option.

How can I enforce a no password policy for this machine while preserving the
password protection policy for the users logging in to multiple machines
including this one.?

Thanks
Jeff Smyrski
 
J

Joe Wu [MSFT]

Dear Jeff,

Thank you for your post and it is my pleasure to work with you again.

The Screen Saver "Password protected" setting is set in the following
registry entry:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure

When the value is set to "0" (zero), password protection for the screen
saver is turned off. When the value is set to "1", password protection for
the screen saver is turned on.

Therefore, we can try the following solution:

1. Log on as a common user and adjust the screen saver settings (disable
screen saver password protected setting).
2. Open registry editor and export the
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop] to a screensaver.reg file.
3. Open this screensaver.reg files in Notepad and delete unnecessary lines.
For example, we can use the following content:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"


4. Right-click the "Start" button and choose "Open All Users". Double-click
"Programs" and then double-click "Startup".
5. Then a Windows Explorer will open in a directory like the following:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

6. Copy the ScreenSaver.reg file to this folder.
7. Please use Notepad to create a ScreenSaver.bat file there. Please input
the following command in that ScreenSaver.bat file:

regedit /s ScreenSaver.reg

Then when a user logs on, the above command will be operated and disable
the Screen Saver password protection.

I have tested this solution in my lab. Thank you for keeping using our news
groups! Have a great day! :)

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|Subject: Disable Screen Saver Password for Machine
|Date: Thu, 9 Oct 2003 15:46:19 -0400
|Lines: 18
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14953
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|I am interested in disabling the screen saver password for one machine that
|several users access under one log in. The problem that I have is if I
|disable the password for this user based on the OU, then where ever the
user
|logs into which might be multiply machines the password protect option is
|disabled.
|
|I attempted then, to create a Machine policy for the OU only applying the
|policy to the machine name, I moved the policy to the top of the list and
|even attempted the no override option.
|
|How can I enforce a no password policy for this machine while preserving
the
|password protection policy for the users logging in to multiple machines
|including this one.?
|
|Thanks
|Jeff Smyrski
|
|
|
 
J

Jeff Smyrski

I understand what you are saying, but in reality this is the same as the
Active Directory Policy that I enforce on all of my users, in essence under
the USER->Administrative Templates->Control Panel->Display and the options
to enable the screen saver, to type in the name of the screen saver, which I
am using, logon.scr, the timeout, and event the "password" feature, which in
AD is something like OnResume...etc etc.

Which is no problem enforcing or not enforcing for a User...I would rather
enforce the script via a policy that is invisible to the user or the
machine, rather than adding a batch file to a startup menu. The registry
setting is the way to go, and I could create a VB script that would edit the
registry, but the trouble I am having is enforcing it to only the
machine...rather than the user, for example:

WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
"REG_SZ"

Now that I think about it, I am going to attempt this...in another script I
am already using which is looking at the machine name and uses a Select Case
to install a default printer, based on the machine for an Organizational
Unit, since different users cover each other's jobs in different
locations...lol I think I am answering my own questions.

Jeff Smyrski.


Joe Wu said:
Dear Jeff,

Thank you for your post and it is my pleasure to work with you again.

The Screen Saver "Password protected" setting is set in the following
registry entry:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure

When the value is set to "0" (zero), password protection for the screen
saver is turned off. When the value is set to "1", password protection for
the screen saver is turned on.

Therefore, we can try the following solution:

1. Log on as a common user and adjust the screen saver settings (disable
screen saver password protected setting).
2. Open registry editor and export the
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop] to a screensaver.reg file.
3. Open this screensaver.reg files in Notepad and delete unnecessary lines.
For example, we can use the following content:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"


4. Right-click the "Start" button and choose "Open All Users". Double-click
"Programs" and then double-click "Startup".
5. Then a Windows Explorer will open in a directory like the following:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

6. Copy the ScreenSaver.reg file to this folder.
7. Please use Notepad to create a ScreenSaver.bat file there. Please input
the following command in that ScreenSaver.bat file:

regedit /s ScreenSaver.reg

Then when a user logs on, the above command will be operated and disable
the Screen Saver password protection.

I have tested this solution in my lab. Thank you for keeping using our news
groups! Have a great day! :)

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|Subject: Disable Screen Saver Password for Machine
|Date: Thu, 9 Oct 2003 15:46:19 -0400
|Lines: 18
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14953
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|I am interested in disabling the screen saver password for one machine that
|several users access under one log in. The problem that I have is if I
|disable the password for this user based on the OU, then where ever the
user
|logs into which might be multiply machines the password protect option is
|disabled.
|
|I attempted then, to create a Machine policy for the OU only applying the
|policy to the machine name, I moved the policy to the top of the list and
|even attempted the no override option.
|
|How can I enforce a no password policy for this machine while preserving
the
|password protection policy for the users logging in to multiple machines
|including this one.?
|
|Thanks
|Jeff Smyrski
|
|
|
 
J

Joe Wu [MSFT]

Dear Jeff,

Thank you for your reply.

Yes, we can also adjust the existing script to apply these settings on only
one computer according to its computer name. It is easy to query the
computer name via VB script.

Set WshNetwork = WScript.CreateObject("WScript.Network")
sComputerName=WshNetwork.ComputerName

However, it is not the same as enabling the setting in a certain GPO.
Please note that we added this batch file (or a VBS script) in All Users'
startup folder. Therefore, no matter who logs on to that computer and what
his/her original screen saver settings' are, the batch/script will be
executed to disable the screen saver password protect. This method will not
affect other computers.

Please feel free to let me know if you need my further assistance. Thanks!

Regards,
-Joe

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Fri, 10 Oct 2003 09:37:58 -0400
|Lines: 135
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|I understand what you are saying, but in reality this is the same as the
|Active Directory Policy that I enforce on all of my users, in essence under
|the USER->Administrative Templates->Control Panel->Display and the options
|to enable the screen saver, to type in the name of the screen saver, which
I
|am using, logon.scr, the timeout, and event the "password" feature, which
in
|AD is something like OnResume...etc etc.
|
|Which is no problem enforcing or not enforcing for a User...I would rather
|enforce the script via a policy that is invisible to the user or the
|machine, rather than adding a batch file to a startup menu. The registry
|setting is the way to go, and I could create a VB script that would edit
the
|registry, but the trouble I am having is enforcing it to only the
|machine...rather than the user, for example:
|
|WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|"REG_SZ"
|
|Now that I think about it, I am going to attempt this...in another script I
|am already using which is looking at the machine name and uses a Select
Case
|to install a default printer, based on the machine for an Organizational
|Unit, since different users cover each other's jobs in different
|locations...lol I think I am answering my own questions.
|
|Jeff Smyrski.
|
|
||> Dear Jeff,
|>
|> Thank you for your post and it is my pleasure to work with you again.
|>
|> The Screen Saver "Password protected" setting is set in the following
|> registry entry:
|>
|> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> Panel\Desktop\ScreenSaverIsSecure
|>
|> When the value is set to "0" (zero), password protection for the screen
|> saver is turned off. When the value is set to "1", password protection
for
|> the screen saver is turned on.
|>
|> Therefore, we can try the following solution:
|>
|> 1. Log on as a common user and adjust the screen saver settings (disable
|> screen saver password protected setting).
|> 2. Open registry editor and export the
|> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> Panel\Desktop] to a screensaver.reg file.
|> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|lines.
|> For example, we can use the following content:
|>
|> Windows Registry Editor Version 5.00
|>
|> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> "ScreenSaverIsSecure"="0"
|>
|>
|> 4. Right-click the "Start" button and choose "Open All Users".
|Double-click
|> "Programs" and then double-click "Startup".
|> 5. Then a Windows Explorer will open in a directory like the following:
|>
|> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|>
|> 6. Copy the ScreenSaver.reg file to this folder.
|> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
input
|> the following command in that ScreenSaver.bat file:
|>
|> regedit /s ScreenSaver.reg
|>
|> Then when a user logs on, the above command will be operated and disable
|> the Screen Saver password protection.
|>
|> I have tested this solution in my lab. Thank you for keeping using our
|news
|> groups! Have a great day! :)
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |Subject: Disable Screen Saver Password for Machine
|> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |Lines: 18
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14953
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I am interested in disabling the screen saver password for one machine
|that
|> |several users access under one log in. The problem that I have is if I
|> |disable the password for this user based on the OU, then where ever the
|> user
|> |logs into which might be multiply machines the password protect option
is
|> |disabled.
|> |
|> |I attempted then, to create a Machine policy for the OU only applying
the
|> |policy to the machine name, I moved the policy to the top of the list
and
|> |even attempted the no override option.
|> |
|> |How can I enforce a no password policy for this machine while preserving
|> the
|> |password protection policy for the users logging in to multiple machines
|> |including this one.?
|> |
|> |Thanks
|> |Jeff Smyrski
|> |
|> |
|> |
|>
|
|
|
 
J

Jeff Smyrski

So, I guess I am lost, does the following vbscript work for what I want it
to do?
This is the logon script for all users in this particular group...which also
selectivly maps the default printer.

In my model I have two cross trained secretaries that will log onto 3
different workstations, in diff, locations, with diff printers available. I
figure that I am already detecting the workstation in order to perform these
steps, will adding the network line under the Case Station_131 work in this
senerio. Also, I have moved the policy to the top of the list and checked
the no override option...to preserve the setting from other policies.
Please let me know.
Jeff Smyrski

Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
Select Case WshNetwork.ComputerName
Case "STATION_120"
PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
PinterDriver = "HP LaserJet 5000 Series PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
PrinterDriver = "HP LaserJet 4 Plus"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
Case "STATION_131"
PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"

WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
0, "REG_SZ"

Case Else
PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
End Select

Joe Wu said:
Dear Jeff,

Thank you for your reply.

Yes, we can also adjust the existing script to apply these settings on only
one computer according to its computer name. It is easy to query the
computer name via VB script.

Set WshNetwork = WScript.CreateObject("WScript.Network")
sComputerName=WshNetwork.ComputerName

However, it is not the same as enabling the setting in a certain GPO.
Please note that we added this batch file (or a VBS script) in All Users'
startup folder. Therefore, no matter who logs on to that computer and what
his/her original screen saver settings' are, the batch/script will be
executed to disable the screen saver password protect. This method will not
affect other computers.

Please feel free to let me know if you need my further assistance. Thanks!

Regards,
-Joe

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Fri, 10 Oct 2003 09:37:58 -0400
|Lines: 135
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|I understand what you are saying, but in reality this is the same as the
|Active Directory Policy that I enforce on all of my users, in essence under
|the USER->Administrative Templates->Control Panel->Display and the options
|to enable the screen saver, to type in the name of the screen saver, which
I
|am using, logon.scr, the timeout, and event the "password" feature, which
in
|AD is something like OnResume...etc etc.
|
|Which is no problem enforcing or not enforcing for a User...I would rather
|enforce the script via a policy that is invisible to the user or the
|machine, rather than adding a batch file to a startup menu. The registry
|setting is the way to go, and I could create a VB script that would edit
the
|registry, but the trouble I am having is enforcing it to only the
|machine...rather than the user, for example:
|
|WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|"REG_SZ"
|
|Now that I think about it, I am going to attempt this...in another script I
|am already using which is looking at the machine name and uses a Select
Case
|to install a default printer, based on the machine for an Organizational
|Unit, since different users cover each other's jobs in different
|locations...lol I think I am answering my own questions.
|
|Jeff Smyrski.
|
|
||> Dear Jeff,
|>
|> Thank you for your post and it is my pleasure to work with you again.
|>
|> The Screen Saver "Password protected" setting is set in the following
|> registry entry:
|>
|> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> Panel\Desktop\ScreenSaverIsSecure
|>
|> When the value is set to "0" (zero), password protection for the screen
|> saver is turned off. When the value is set to "1", password protection
for
|> the screen saver is turned on.
|>
|> Therefore, we can try the following solution:
|>
|> 1. Log on as a common user and adjust the screen saver settings (disable
|> screen saver password protected setting).
|> 2. Open registry editor and export the
|> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> Panel\Desktop] to a screensaver.reg file.
|> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|lines.
|> For example, we can use the following content:
|>
|> Windows Registry Editor Version 5.00
|>
|> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> "ScreenSaverIsSecure"="0"
|>
|>
|> 4. Right-click the "Start" button and choose "Open All Users".
|Double-click
|> "Programs" and then double-click "Startup".
|> 5. Then a Windows Explorer will open in a directory like the following:
|>
|> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|>
|> 6. Copy the ScreenSaver.reg file to this folder.
|> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
input
|> the following command in that ScreenSaver.bat file:
|>
|> regedit /s ScreenSaver.reg
|>
|> Then when a user logs on, the above command will be operated and disable
|> the Screen Saver password protection.
|>
|> I have tested this solution in my lab. Thank you for keeping using our
|news
|> groups! Have a great day! :)
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |Subject: Disable Screen Saver Password for Machine
|> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |Lines: 18
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14953
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I am interested in disabling the screen saver password for one machine
|that
|> |several users access under one log in. The problem that I have is if I
|> |disable the password for this user based on the OU, then where ever the
|> user
|> |logs into which might be multiply machines the password protect option
is
|> |disabled.
|> |
|> |I attempted then, to create a Machine policy for the OU only applying
the
|> |policy to the machine name, I moved the policy to the top of the list
and
|> |even attempted the no override option.
|> |
|> |How can I enforce a no password policy for this machine while preserving
|> the
|> |password protection policy for the users logging in to multiple machines
|> |including this one.?
|> |
|> |Thanks
|> |Jeff Smyrski
|> |
|> |
|> |
|>
|
|
|
 
J

Joe Wu [MSFT]

Dear Jeff,

Thank you for your reply. Yes, I think that this method should also work.
Beside, I would like to provide two suggestions:

1. The usage of AddWindowsPrinterConnection is not the same in different
operating systems:

Windows NT/2000:
object.AddWindowsPrinterConnection(
strPrinterPath
)
Windows 9x/Me:
object.AddWindowsPrinterConnection(
strPrinterPath,
strDriverName[,strPort]
)

Therefore, if the clients are Windows NT or Windows 2000, we can use only
one argument.

2. SetDefaultPrinter() should use the same argument as
AddWindowsPrinterConnection().

So we can use the following code for Windows 2000 systems:

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Tue, 14 Oct 2003 16:13:41 -0400
|Lines: 264
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <uybdq#[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|So, I guess I am lost, does the following vbscript work for what I want it
|to do?
|This is the logon script for all users in this particular group...which
also
|selectivly maps the default printer.
|
|In my model I have two cross trained secretaries that will log onto 3
|different workstations, in diff, locations, with diff printers available.
I
|figure that I am already detecting the workstation in order to perform
these
|steps, will adding the network line under the Case Station_131 work in this
|senerio. Also, I have moved the policy to the top of the list and checked
|the no override option...to preserve the setting from other policies.
|Please let me know.
|Jeff Smyrski
|
|Set WshNetwork = WScript.CreateObject("WScript.Network")
|Set WshShell = WScript.CreateObject("WScript.Shell")
|Select Case WshNetwork.ComputerName
| Case "STATION_120"
| PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
| PinterDriver = "HP LaserJet 5000 Series PCL 6"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
| PrinterDriver = "HP LaserJet 4 Plus"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
| Case "STATION_131"
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|
| WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
|0, "REG_SZ"
|
|Case Else
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|End Select
|
||> Dear Jeff,
|>
|> Thank you for your reply.
|>
|> Yes, we can also adjust the existing script to apply these settings on
|only
|> one computer according to its computer name. It is easy to query the
|> computer name via VB script.
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> sComputerName=WshNetwork.ComputerName
|>
|> However, it is not the same as enabling the setting in a certain GPO.
|> Please note that we added this batch file (or a VBS script) in All Users'
|> startup folder. Therefore, no matter who logs on to that computer and
what
|> his/her original screen saver settings' are, the batch/script will be
|> executed to disable the screen saver password protect. This method will
|not
|> affect other computers.
|>
|> Please feel free to let me know if you need my further assistance.
Thanks!
|>
|> Regards,
|> -Joe
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |Lines: 135
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I understand what you are saying, but in reality this is the same as the
|> |Active Directory Policy that I enforce on all of my users, in essence
|under
|> |the USER->Administrative Templates->Control Panel->Display and the
|options
|> |to enable the screen saver, to type in the name of the screen saver,
|which
|> I
|> |am using, logon.scr, the timeout, and event the "password" feature,
which
|> in
|> |AD is something like OnResume...etc etc.
|> |
|> |Which is no problem enforcing or not enforcing for a User...I would
|rather
|> |enforce the script via a policy that is invisible to the user or the
|> |machine, rather than adding a batch file to a startup menu. The
registry
|> |setting is the way to go, and I could create a VB script that would edit
|> the
|> |registry, but the trouble I am having is enforcing it to only the
|> |machine...rather than the user, for example:
|> |
|> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|> |"REG_SZ"
|> |
|> |Now that I think about it, I am going to attempt this...in another
script
|I
|> |am already using which is looking at the machine name and uses a Select
|> Case
|> |to install a default printer, based on the machine for an Organizational
|> |Unit, since different users cover each other's jobs in different
|> |locations...lol I think I am answering my own questions.
|> |
|> |Jeff Smyrski.
|> |
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your post and it is my pleasure to work with you again.
|> |>
|> |> The Screen Saver "Password protected" setting is set in the following
|> |> registry entry:
|> |>
|> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop\ScreenSaverIsSecure
|> |>
|> |> When the value is set to "0" (zero), password protection for the
|screen
|> |> saver is turned off. When the value is set to "1", password protection
|> for
|> |> the screen saver is turned on.
|> |>
|> |> Therefore, we can try the following solution:
|> |>
|> |> 1. Log on as a common user and adjust the screen saver settings
|(disable
|> |> screen saver password protected setting).
|> |> 2. Open registry editor and export the
|> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop] to a screensaver.reg file.
|> |> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|> |lines.
|> |> For example, we can use the following content:
|> |>
|> |> Windows Registry Editor Version 5.00
|> |>
|> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> "ScreenSaverIsSecure"="0"
|> |>
|> |>
|> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |Double-click
|> |> "Programs" and then double-click "Startup".
|> |> 5. Then a Windows Explorer will open in a directory like the
following:
|> |>
|> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |>
|> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
|> input
|> |> the following command in that ScreenSaver.bat file:
|> |>
|> |> regedit /s ScreenSaver.reg
|> |>
|> |> Then when a user logs on, the above command will be operated and
|disable
|> |> the Screen Saver password protection.
|> |>
|> |> I have tested this solution in my lab. Thank you for keeping using our
|> |news
|> |> groups! Have a great day! :)
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |Subject: Disable Screen Saver Password for Machine
|> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |Lines: 18
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14953
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I am interested in disabling the screen saver password for one
machine
|> |that
|> |> |several users access under one log in. The problem that I have is if
|I
|> |> |disable the password for this user based on the OU, then where ever
|the
|> |> user
|> |> |logs into which might be multiply machines the password protect
option
|> is
|> |> |disabled.
|> |> |
|> |> |I attempted then, to create a Machine policy for the OU only applying
|> the
|> |> |policy to the machine name, I moved the policy to the top of the list
|> and
|> |> |even attempted the no override option.
|> |> |
|> |> |How can I enforce a no password policy for this machine while
|preserving
|> |> the
|> |> |password protection policy for the users logging in to multiple
|machines
|> |> |including this one.?
|> |> |
|> |> |Thanks
|> |> |Jeff Smyrski
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Jeff Smyrski

You kind of lost me on the reasoning behind the NT and Windows 2000 info, I
say this, because I want you to refer to the following KB article and notice
a couple of items, one is the OS that this applies to, the other is the
logic / method that Microsoft is publishing as the How To...

This was the method I used and it seems to work, but it was also the only
method I could find in TechNet that seemed to apply. If there is a better
way, or another KB, please let me know. I am strictly using these scripts
as part of the logon scripts applied via windows 2000 in a GPO...no 9x or ME
clients apply in this model.

Another question I have in regard to this is the share info, I noticed that
I entered the as the Printer Path the full name of the printer on the Print
Server, but when I set the default printer I used the Share Name...does this
matter? Or is this one of those if it isn't broke don't fix it things...I
appreciate the help.

Jeff Smyrski

Joe Wu said:
Dear Jeff,

Thank you for your reply. Yes, I think that this method should also work.
Beside, I would like to provide two suggestions:

1. The usage of AddWindowsPrinterConnection is not the same in different
operating systems:

Windows NT/2000:
object.AddWindowsPrinterConnection(
strPrinterPath
)
Windows 9x/Me:
object.AddWindowsPrinterConnection(
strPrinterPath,
strDriverName[,strPort]
)

Therefore, if the clients are Windows NT or Windows 2000, we can use only
one argument.

2. SetDefaultPrinter() should use the same argument as
AddWindowsPrinterConnection().

So we can use the following code for Windows 2000 systems:

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Tue, 14 Oct 2003 16:13:41 -0400
|Lines: 264
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <uybdq#[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|So, I guess I am lost, does the following vbscript work for what I want it
|to do?
|This is the logon script for all users in this particular group...which
also
|selectivly maps the default printer.
|
|In my model I have two cross trained secretaries that will log onto 3
|different workstations, in diff, locations, with diff printers available.
I
|figure that I am already detecting the workstation in order to perform
these
|steps, will adding the network line under the Case Station_131 work in this
|senerio. Also, I have moved the policy to the top of the list and checked
|the no override option...to preserve the setting from other policies.
|Please let me know.
|Jeff Smyrski
|
|Set WshNetwork = WScript.CreateObject("WScript.Network")
|Set WshShell = WScript.CreateObject("WScript.Shell")
|Select Case WshNetwork.ComputerName
| Case "STATION_120"
| PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
| PinterDriver = "HP LaserJet 5000 Series PCL 6"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
| PrinterDriver = "HP LaserJet 4 Plus"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
| Case "STATION_131"
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|
| WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
|0, "REG_SZ"
|
|Case Else
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|End Select
|
||> Dear Jeff,
|>
|> Thank you for your reply.
|>
|> Yes, we can also adjust the existing script to apply these settings on
|only
|> one computer according to its computer name. It is easy to query the
|> computer name via VB script.
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> sComputerName=WshNetwork.ComputerName
|>
|> However, it is not the same as enabling the setting in a certain GPO.
|> Please note that we added this batch file (or a VBS script) in All Users'
|> startup folder. Therefore, no matter who logs on to that computer and
what
|> his/her original screen saver settings' are, the batch/script will be
|> executed to disable the screen saver password protect. This method will
|not
|> affect other computers.
|>
|> Please feel free to let me know if you need my further assistance.
Thanks!
|>
|> Regards,
|> -Joe
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |Lines: 135
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I understand what you are saying, but in reality this is the same as the
|> |Active Directory Policy that I enforce on all of my users, in essence
|under
|> |the USER->Administrative Templates->Control Panel->Display and the
|options
|> |to enable the screen saver, to type in the name of the screen saver,
|which
|> I
|> |am using, logon.scr, the timeout, and event the "password" feature,
which
|> in
|> |AD is something like OnResume...etc etc.
|> |
|> |Which is no problem enforcing or not enforcing for a User...I would
|rather
|> |enforce the script via a policy that is invisible to the user or the
|> |machine, rather than adding a batch file to a startup menu. The
registry
|> |setting is the way to go, and I could create a VB script that would edit
|> the
|> |registry, but the trouble I am having is enforcing it to only the
|> |machine...rather than the user, for example:
|> |
|> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|> |"REG_SZ"
|> |
|> |Now that I think about it, I am going to attempt this...in another
script
|I
|> |am already using which is looking at the machine name and uses a Select
|> Case
|> |to install a default printer, based on the machine for an Organizational
|> |Unit, since different users cover each other's jobs in different
|> |locations...lol I think I am answering my own questions.
|> |
|> |Jeff Smyrski.
|> |
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your post and it is my pleasure to work with you again.
|> |>
|> |> The Screen Saver "Password protected" setting is set in the following
|> |> registry entry:
|> |>
|> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop\ScreenSaverIsSecure
|> |>
|> |> When the value is set to "0" (zero), password protection for the
|screen
|> |> saver is turned off. When the value is set to "1", password protection
|> for
|> |> the screen saver is turned on.
|> |>
|> |> Therefore, we can try the following solution:
|> |>
|> |> 1. Log on as a common user and adjust the screen saver settings
|(disable
|> |> screen saver password protected setting).
|> |> 2. Open registry editor and export the
|> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop] to a screensaver.reg file.
|> |> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|> |lines.
|> |> For example, we can use the following content:
|> |>
|> |> Windows Registry Editor Version 5.00
|> |>
|> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> "ScreenSaverIsSecure"="0"
|> |>
|> |>
|> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |Double-click
|> |> "Programs" and then double-click "Startup".
|> |> 5. Then a Windows Explorer will open in a directory like the
following:
|> |>
|> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |>
|> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
|> input
|> |> the following command in that ScreenSaver.bat file:
|> |>
|> |> regedit /s ScreenSaver.reg
|> |>
|> |> Then when a user logs on, the above command will be operated and
|disable
|> |> the Screen Saver password protection.
|> |>
|> |> I have tested this solution in my lab. Thank you for keeping using our
|> |news
|> |> groups! Have a great day! :)
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |Subject: Disable Screen Saver Password for Machine
|> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |Lines: 18
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14953
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I am interested in disabling the screen saver password for one
machine
|> |that
|> |> |several users access under one log in. The problem that I have is if
|I
|> |> |disable the password for this user based on the OU, then where ever
|the
|> |> user
|> |> |logs into which might be multiply machines the password protect
option
|> is
|> |> |disabled.
|> |> |
|> |> |I attempted then, to create a Machine policy for the OU only applying
|> the
|> |> |policy to the machine name, I moved the policy to the top of the list
|> and
|> |> |even attempted the no override option.
|> |> |
|> |> |How can I enforce a no password policy for this machine while
|preserving
|> |> the
|> |> |password protection policy for the users logging in to multiple
|machines
|> |> |including this one.?
|> |> |
|> |> |Thanks
|> |> |Jeff Smyrski
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Jeff Smyrski

Also, I prefer making this change via a VB script instead of a BAT file, for
two reasons, one is that if I put the bat file in the all users which will
edit the key on startup, after the user logs in, the user would need to have
some type of registry edit permissions for the key(s) I want to change (I
think...) The other takes place while they are logging on, much like a
policy edits the system without a user having to have these same rights.
The second reason, it that it is hidden to the users of that workstation,
and it preserves my ability to restrict or allow this setting based on
certain groups rather than all users...
Thanks
Jeff Smyrski

Joe Wu said:
Dear Jeff,

Thank you for your reply. Yes, I think that this method should also work.
Beside, I would like to provide two suggestions:

1. The usage of AddWindowsPrinterConnection is not the same in different
operating systems:

Windows NT/2000:
object.AddWindowsPrinterConnection(
strPrinterPath
)
Windows 9x/Me:
object.AddWindowsPrinterConnection(
strPrinterPath,
strDriverName[,strPort]
)

Therefore, if the clients are Windows NT or Windows 2000, we can use only
one argument.

2. SetDefaultPrinter() should use the same argument as
AddWindowsPrinterConnection().

So we can use the following code for Windows 2000 systems:

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Tue, 14 Oct 2003 16:13:41 -0400
|Lines: 264
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <uybdq#[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|So, I guess I am lost, does the following vbscript work for what I want it
|to do?
|This is the logon script for all users in this particular group...which
also
|selectivly maps the default printer.
|
|In my model I have two cross trained secretaries that will log onto 3
|different workstations, in diff, locations, with diff printers available.
I
|figure that I am already detecting the workstation in order to perform
these
|steps, will adding the network line under the Case Station_131 work in this
|senerio. Also, I have moved the policy to the top of the list and checked
|the no override option...to preserve the setting from other policies.
|Please let me know.
|Jeff Smyrski
|
|Set WshNetwork = WScript.CreateObject("WScript.Network")
|Set WshShell = WScript.CreateObject("WScript.Shell")
|Select Case WshNetwork.ComputerName
| Case "STATION_120"
| PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
| PinterDriver = "HP LaserJet 5000 Series PCL 6"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
| PrinterDriver = "HP LaserJet 4 Plus"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
| Case "STATION_131"
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|
| WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
|0, "REG_SZ"
|
|Case Else
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|End Select
|
||> Dear Jeff,
|>
|> Thank you for your reply.
|>
|> Yes, we can also adjust the existing script to apply these settings on
|only
|> one computer according to its computer name. It is easy to query the
|> computer name via VB script.
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> sComputerName=WshNetwork.ComputerName
|>
|> However, it is not the same as enabling the setting in a certain GPO.
|> Please note that we added this batch file (or a VBS script) in All Users'
|> startup folder. Therefore, no matter who logs on to that computer and
what
|> his/her original screen saver settings' are, the batch/script will be
|> executed to disable the screen saver password protect. This method will
|not
|> affect other computers.
|>
|> Please feel free to let me know if you need my further assistance.
Thanks!
|>
|> Regards,
|> -Joe
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |Lines: 135
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I understand what you are saying, but in reality this is the same as the
|> |Active Directory Policy that I enforce on all of my users, in essence
|under
|> |the USER->Administrative Templates->Control Panel->Display and the
|options
|> |to enable the screen saver, to type in the name of the screen saver,
|which
|> I
|> |am using, logon.scr, the timeout, and event the "password" feature,
which
|> in
|> |AD is something like OnResume...etc etc.
|> |
|> |Which is no problem enforcing or not enforcing for a User...I would
|rather
|> |enforce the script via a policy that is invisible to the user or the
|> |machine, rather than adding a batch file to a startup menu. The
registry
|> |setting is the way to go, and I could create a VB script that would edit
|> the
|> |registry, but the trouble I am having is enforcing it to only the
|> |machine...rather than the user, for example:
|> |
|> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|> |"REG_SZ"
|> |
|> |Now that I think about it, I am going to attempt this...in another
script
|I
|> |am already using which is looking at the machine name and uses a Select
|> Case
|> |to install a default printer, based on the machine for an Organizational
|> |Unit, since different users cover each other's jobs in different
|> |locations...lol I think I am answering my own questions.
|> |
|> |Jeff Smyrski.
|> |
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your post and it is my pleasure to work with you again.
|> |>
|> |> The Screen Saver "Password protected" setting is set in the following
|> |> registry entry:
|> |>
|> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop\ScreenSaverIsSecure
|> |>
|> |> When the value is set to "0" (zero), password protection for the
|screen
|> |> saver is turned off. When the value is set to "1", password protection
|> for
|> |> the screen saver is turned on.
|> |>
|> |> Therefore, we can try the following solution:
|> |>
|> |> 1. Log on as a common user and adjust the screen saver settings
|(disable
|> |> screen saver password protected setting).
|> |> 2. Open registry editor and export the
|> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop] to a screensaver.reg file.
|> |> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|> |lines.
|> |> For example, we can use the following content:
|> |>
|> |> Windows Registry Editor Version 5.00
|> |>
|> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> "ScreenSaverIsSecure"="0"
|> |>
|> |>
|> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |Double-click
|> |> "Programs" and then double-click "Startup".
|> |> 5. Then a Windows Explorer will open in a directory like the
following:
|> |>
|> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |>
|> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
|> input
|> |> the following command in that ScreenSaver.bat file:
|> |>
|> |> regedit /s ScreenSaver.reg
|> |>
|> |> Then when a user logs on, the above command will be operated and
|disable
|> |> the Screen Saver password protection.
|> |>
|> |> I have tested this solution in my lab. Thank you for keeping using our
|> |news
|> |> groups! Have a great day! :)
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |Subject: Disable Screen Saver Password for Machine
|> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |Lines: 18
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14953
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I am interested in disabling the screen saver password for one
machine
|> |that
|> |> |several users access under one log in. The problem that I have is if
|I
|> |> |disable the password for this user based on the OU, then where ever
|the
|> |> user
|> |> |logs into which might be multiply machines the password protect
option
|> is
|> |> |disabled.
|> |> |
|> |> |I attempted then, to create a Machine policy for the OU only applying
|> the
|> |> |policy to the machine name, I moved the policy to the top of the list
|> and
|> |> |even attempted the no override option.
|> |> |
|> |> |How can I enforce a no password policy for this machine while
|preserving
|> |> the
|> |> |password protection policy for the users logging in to multiple
|machines
|> |> |including this one.?
|> |> |
|> |> |Thanks
|> |> |Jeff Smyrski
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Jeff Smyrski

Okay Joe, another snafu as it were.
You saw my script, it must set the registry value, but it seems that the
screen saver is still enabled.

Perhaps not at first, but it seems that after a while the domain policy
and group policys are re-applied wiping out the setting I make, I assume
this would be the case with either this script or a registry batch file in
the startup, if the key is changed, somehow over time the policy is
resetting it back.

Any ideas, how or why this would be happening?

Jeff Smyrski

Joe Wu said:
Dear Jeff,

Thank you for your reply. Yes, I think that this method should also work.
Beside, I would like to provide two suggestions:

1. The usage of AddWindowsPrinterConnection is not the same in different
operating systems:

Windows NT/2000:
object.AddWindowsPrinterConnection(
strPrinterPath
)
Windows 9x/Me:
object.AddWindowsPrinterConnection(
strPrinterPath,
strDriverName[,strPort]
)

Therefore, if the clients are Windows NT or Windows 2000, we can use only
one argument.

2. SetDefaultPrinter() should use the same argument as
AddWindowsPrinterConnection().

So we can use the following code for Windows 2000 systems:

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Thank you for using our news groups!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Tue, 14 Oct 2003 16:13:41 -0400
|Lines: 264
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <uybdq#[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|So, I guess I am lost, does the following vbscript work for what I want it
|to do?
|This is the logon script for all users in this particular group...which
also
|selectivly maps the default printer.
|
|In my model I have two cross trained secretaries that will log onto 3
|different workstations, in diff, locations, with diff printers available.
I
|figure that I am already detecting the workstation in order to perform
these
|steps, will adding the network line under the Case Station_131 work in this
|senerio. Also, I have moved the policy to the top of the list and checked
|the no override option...to preserve the setting from other policies.
|Please let me know.
|Jeff Smyrski
|
|Set WshNetwork = WScript.CreateObject("WScript.Network")
|Set WshShell = WScript.CreateObject("WScript.Shell")
|Select Case WshNetwork.ComputerName
| Case "STATION_120"
| PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
| PinterDriver = "HP LaserJet 5000 Series PCL 6"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
| PrinterDriver = "HP LaserJet 4 Plus"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|
| WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
| Case "STATION_131"
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|
| WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
|0, "REG_SZ"
|
|Case Else
| PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
| PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
| WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
| WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|End Select
|
||> Dear Jeff,
|>
|> Thank you for your reply.
|>
|> Yes, we can also adjust the existing script to apply these settings on
|only
|> one computer according to its computer name. It is easy to query the
|> computer name via VB script.
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> sComputerName=WshNetwork.ComputerName
|>
|> However, it is not the same as enabling the setting in a certain GPO.
|> Please note that we added this batch file (or a VBS script) in All Users'
|> startup folder. Therefore, no matter who logs on to that computer and
what
|> his/her original screen saver settings' are, the batch/script will be
|> executed to disable the screen saver password protect. This method will
|not
|> affect other computers.
|>
|> Please feel free to let me know if you need my further assistance.
Thanks!
|>
|> Regards,
|> -Joe
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |Lines: 135
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:14985
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |I understand what you are saying, but in reality this is the same as the
|> |Active Directory Policy that I enforce on all of my users, in essence
|under
|> |the USER->Administrative Templates->Control Panel->Display and the
|options
|> |to enable the screen saver, to type in the name of the screen saver,
|which
|> I
|> |am using, logon.scr, the timeout, and event the "password" feature,
which
|> in
|> |AD is something like OnResume...etc etc.
|> |
|> |Which is no problem enforcing or not enforcing for a User...I would
|rather
|> |enforce the script via a policy that is invisible to the user or the
|> |machine, rather than adding a batch file to a startup menu. The
registry
|> |setting is the way to go, and I could create a VB script that would edit
|> the
|> |registry, but the trouble I am having is enforcing it to only the
|> |machine...rather than the user, for example:
|> |
|> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure", 0,
|> |"REG_SZ"
|> |
|> |Now that I think about it, I am going to attempt this...in another
script
|I
|> |am already using which is looking at the machine name and uses a Select
|> Case
|> |to install a default printer, based on the machine for an Organizational
|> |Unit, since different users cover each other's jobs in different
|> |locations...lol I think I am answering my own questions.
|> |
|> |Jeff Smyrski.
|> |
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your post and it is my pleasure to work with you again.
|> |>
|> |> The Screen Saver "Password protected" setting is set in the following
|> |> registry entry:
|> |>
|> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop\ScreenSaverIsSecure
|> |>
|> |> When the value is set to "0" (zero), password protection for the
|screen
|> |> saver is turned off. When the value is set to "1", password protection
|> for
|> |> the screen saver is turned on.
|> |>
|> |> Therefore, we can try the following solution:
|> |>
|> |> 1. Log on as a common user and adjust the screen saver settings
|(disable
|> |> screen saver password protected setting).
|> |> 2. Open registry editor and export the
|> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> Panel\Desktop] to a screensaver.reg file.
|> |> 3. Open this screensaver.reg files in Notepad and delete unnecessary
|> |lines.
|> |> For example, we can use the following content:
|> |>
|> |> Windows Registry Editor Version 5.00
|> |>
|> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> "ScreenSaverIsSecure"="0"
|> |>
|> |>
|> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |Double-click
|> |> "Programs" and then double-click "Startup".
|> |> 5. Then a Windows Explorer will open in a directory like the
following:
|> |>
|> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |>
|> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> 7. Please use Notepad to create a ScreenSaver.bat file there. Please
|> input
|> |> the following command in that ScreenSaver.bat file:
|> |>
|> |> regedit /s ScreenSaver.reg
|> |>
|> |> Then when a user logs on, the above command will be operated and
|disable
|> |> the Screen Saver password protection.
|> |>
|> |> I have tested this solution in my lab. Thank you for keeping using our
|> |news
|> |> groups! Have a great day! :)
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |Subject: Disable Screen Saver Password for Machine
|> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |Lines: 18
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14953
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I am interested in disabling the screen saver password for one
machine
|> |that
|> |> |several users access under one log in. The problem that I have is if
|I
|> |> |disable the password for this user based on the OU, then where ever
|the
|> |> user
|> |> |logs into which might be multiply machines the password protect
option
|> is
|> |> |disabled.
|> |> |
|> |> |I attempted then, to create a Machine policy for the OU only applying
|> the
|> |> |policy to the machine name, I moved the policy to the top of the list
|> and
|> |> |even attempted the no override option.
|> |> |
|> |> |How can I enforce a no password policy for this machine while
|preserving
|> |> the
|> |> |password protection policy for the users logging in to multiple
|machines
|> |> |including this one.?
|> |> |
|> |> |Thanks
|> |> |Jeff Smyrski
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Joe Wu [MSFT]

Dear Jeff,

Thank you for clarifying why you prefer a logon script.

I suspect that the setting has been overwritten. Please check the following:

1. After the customer logon, please check the following registry entry.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure

2. If a screen saver password protection is still enabled, please check the
above registry key again.

In the future, we can check which group policies have been applied.

By the way, regarding the printer issue, I have encountered an almost
identical issue before and I resolved the problem by using a VB script. In
that script, I used the code like the following (this is what I provided in
my last response):

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "XXX"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Generally, we use the UNC path to the network printer as the parameter. You
can find this in the following TechNet/MSDN examples:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcen
ter/scrguide/sas_prn_avmt.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/wsmthsetdefaultprinter.asp

Thanks!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<uybdq#[email protected]>
<YJ#[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Wed, 15 Oct 2003 16:53:14 -0400
|Lines: 383
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15198
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|Okay Joe, another snafu as it were.
| You saw my script, it must set the registry value, but it seems that
the
|screen saver is still enabled.
|
| Perhaps not at first, but it seems that after a while the domain policy
|and group policys are re-applied wiping out the setting I make, I assume
|this would be the case with either this script or a registry batch file in
|the startup, if the key is changed, somehow over time the policy is
|resetting it back.
|
| Any ideas, how or why this would be happening?
|
|Jeff Smyrski
|
||> Dear Jeff,
|>
|> Thank you for your reply. Yes, I think that this method should also work.
|> Beside, I would like to provide two suggestions:
|>
|> 1. The usage of AddWindowsPrinterConnection is not the same in different
|> operating systems:
|>
|> Windows NT/2000:
|> object.AddWindowsPrinterConnection(
|> strPrinterPath
|> )
|> Windows 9x/Me:
|> object.AddWindowsPrinterConnection(
|> strPrinterPath,
|> strDriverName[,strPort]
|> )
|>
|> Therefore, if the clients are Windows NT or Windows 2000, we can use only
|> one argument.
|>
|> 2. SetDefaultPrinter() should use the same argument as
|> AddWindowsPrinterConnection().
|>
|> So we can use the following code for Windows 2000 systems:
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> WshNetwork.AddWindowsPrinterConnection PrinterPath
|> WshNetwork.SetDefaultPrinter PrinterPath
|>
|> Thank you for using our news groups!
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Tue, 14 Oct 2003 16:13:41 -0400
|> |Lines: 264
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <uybdq#[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |So, I guess I am lost, does the following vbscript work for what I want
|it
|> |to do?
|> |This is the logon script for all users in this particular group...which
|> also
|> |selectivly maps the default printer.
|> |
|> |In my model I have two cross trained secretaries that will log onto 3
|> |different workstations, in diff, locations, with diff printers
available.
|> I
|> |figure that I am already detecting the workstation in order to perform
|> these
|> |steps, will adding the network line under the Case Station_131 work in
|this
|> |senerio. Also, I have moved the policy to the top of the list and
|checked
|> |the no override option...to preserve the setting from other policies.
|> |Please let me know.
|> |Jeff Smyrski
|> |
|> |Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |Set WshShell = WScript.CreateObject("WScript.Shell")
|> |Select Case WshNetwork.ComputerName
|> | Case "STATION_120"
|> | PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> | PinterDriver = "HP LaserJet 5000 Series PCL 6"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> |
|> | PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
|> | PrinterDriver = "HP LaserJet 4 Plus"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> |
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
|> | Case "STATION_131"
|> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |
|> | WshShell.RegWrite "HKCU\Control
|Panel\Desktop\ScreenSaverIsSecure",
|> |0, "REG_SZ"
|> |
|> |Case Else
|> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |End Select
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your reply.
|> |>
|> |> Yes, we can also adjust the existing script to apply these settings on
|> |only
|> |> one computer according to its computer name. It is easy to query the
|> |> computer name via VB script.
|> |>
|> |> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |> sComputerName=WshNetwork.ComputerName
|> |>
|> |> However, it is not the same as enabling the setting in a certain GPO.
|> |> Please note that we added this batch file (or a VBS script) in All
|Users'
|> |> startup folder. Therefore, no matter who logs on to that computer and
|> what
|> |> his/her original screen saver settings' are, the batch/script will be
|> |> executed to disable the screen saver password protect. This method
will
|> |not
|> |> affect other computers.
|> |>
|> |> Please feel free to let me know if you need my further assistance.
|> Thanks!
|> |>
|> |> Regards,
|> |> -Joe
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |References: <[email protected]>
|> |> <[email protected]>
|> |> |Subject: Re: Disable Screen Saver Password for Machine
|> |> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |> |Lines: 135
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14985
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I understand what you are saying, but in reality this is the same as
|the
|> |> |Active Directory Policy that I enforce on all of my users, in essence
|> |under
|> |> |the USER->Administrative Templates->Control Panel->Display and the
|> |options
|> |> |to enable the screen saver, to type in the name of the screen saver,
|> |which
|> |> I
|> |> |am using, logon.scr, the timeout, and event the "password" feature,
|> which
|> |> in
|> |> |AD is something like OnResume...etc etc.
|> |> |
|> |> |Which is no problem enforcing or not enforcing for a User...I would
|> |rather
|> |> |enforce the script via a policy that is invisible to the user or the
|> |> |machine, rather than adding a batch file to a startup menu. The
|> registry
|> |> |setting is the way to go, and I could create a VB script that would
|edit
|> |> the
|> |> |registry, but the trouble I am having is enforcing it to only the
|> |> |machine...rather than the user, for example:
|> |> |
|> |> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
0,
|> |> |"REG_SZ"
|> |> |
|> |> |Now that I think about it, I am going to attempt this...in another
|> script
|> |I
|> |> |am already using which is looking at the machine name and uses a
|Select
|> |> Case
|> |> |to install a default printer, based on the machine for an
|Organizational
|> |> |Unit, since different users cover each other's jobs in different
|> |> |locations...lol I think I am answering my own questions.
|> |> |
|> |> |Jeff Smyrski.
|> |> |
|> |> |
|> |> ||> |> |> Dear Jeff,
|> |> |>
|> |> |> Thank you for your post and it is my pleasure to work with you
|again.
|> |> |>
|> |> |> The Screen Saver "Password protected" setting is set in the
|following
|> |> |> registry entry:
|> |> |>
|> |> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> Panel\Desktop\ScreenSaverIsSecure
|> |> |>
|> |> |> When the value is set to "0" (zero), password protection for the
|> |screen
|> |> |> saver is turned off. When the value is set to "1", password
|protection
|> |> for
|> |> |> the screen saver is turned on.
|> |> |>
|> |> |> Therefore, we can try the following solution:
|> |> |>
|> |> |> 1. Log on as a common user and adjust the screen saver settings
|> |(disable
|> |> |> screen saver password protected setting).
|> |> |> 2. Open registry editor and export the
|> |> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> Panel\Desktop] to a screensaver.reg file.
|> |> |> 3. Open this screensaver.reg files in Notepad and delete
unnecessary
|> |> |lines.
|> |> |> For example, we can use the following content:
|> |> |>
|> |> |> Windows Registry Editor Version 5.00
|> |> |>
|> |> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> |> "ScreenSaverIsSecure"="0"
|> |> |>
|> |> |>
|> |> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |> |Double-click
|> |> |> "Programs" and then double-click "Startup".
|> |> |> 5. Then a Windows Explorer will open in a directory like the
|> following:
|> |> |>
|> |> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |> |>
|> |> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> |> 7. Please use Notepad to create a ScreenSaver.bat file there.
Please
|> |> input
|> |> |> the following command in that ScreenSaver.bat file:
|> |> |>
|> |> |> regedit /s ScreenSaver.reg
|> |> |>
|> |> |> Then when a user logs on, the above command will be operated and
|> |disable
|> |> |> the Screen Saver password protection.
|> |> |>
|> |> |> I have tested this solution in my lab. Thank you for keeping using
|our
|> |> |news
|> |> |> groups! Have a great day! :)
|> |> |>
|> |> |> Regards,
|> |> |> Joe Wu
|> |> |> Product Support Services
|> |> |> Microsoft Corporation
|> |> |>
|> |> |> Get Secure! - www.microsoft.com/security
|> |> |>
|> |> |> ====================================================
|> |> |> When responding to posts, please "Reply to Group" via your
|newsreader
|> |so
|> |> |> that others may learn and benefit from your issue.
|> |> |> ====================================================
|> |> |> This posting is provided "AS IS" with no warranties, and confers no
|> |> |rights.
|> |> |>
|> |> |> --------------------
|> |> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |> |Subject: Disable Screen Saver Password for Machine
|> |> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |> |Lines: 18
|> |> |> |X-Priority: 3
|> |> |> |X-MSMail-Priority: Normal
|> |> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |> |Message-ID: <[email protected]>
|> |> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |> |216.230.225.242
|> |> |> |Path:
|cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |> |Xref: cpmsftngxa06.phx.gbl
|> microsoft.public.win2000.group_policy:14953
|> |> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |> |
|> |> |> |I am interested in disabling the screen saver password for one
|> machine
|> |> |that
|> |> |> |several users access under one log in. The problem that I have is
|if
|> |I
|> |> |> |disable the password for this user based on the OU, then where
ever
|> |the
|> |> |> user
|> |> |> |logs into which might be multiply machines the password protect
|> option
|> |> is
|> |> |> |disabled.
|> |> |> |
|> |> |> |I attempted then, to create a Machine policy for the OU only
|applying
|> |> the
|> |> |> |policy to the machine name, I moved the policy to the top of the
|list
|> |> and
|> |> |> |even attempted the no override option.
|> |> |> |
|> |> |> |How can I enforce a no password policy for this machine while
|> |preserving
|> |> |> the
|> |> |> |password protection policy for the users logging in to multiple
|> |machines
|> |> |> |including this one.?
|> |> |> |
|> |> |> |Thanks
|> |> |> |Jeff Smyrski
|> |> |> |
|> |> |> |
|> |> |> |
|> |> |>
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Jeff Smyrski

Okay here is what I tried...direct me where I might have gone wrong.

I waited for the user to log into the machine, but since the domain
policy restricts the use of registry edit tools, I attempted the regedit
remotely, only as you know the CURRENT_USER hive is not available. So I
looked under Users, then the keys as you defined them, but the
ScreenSaverIsSecure is not present...should it be?
I will attempt to go to the machine and use the run as option for
regedit, but not sure if that will work, it seems that with xp, it creates
another profile, for the user who is being run as...and does not really work
the way the windows 2000 method did.
Please advise.
Jeff Smyrski

Joe Wu said:
Dear Jeff,

Thank you for clarifying why you prefer a logon script.

I suspect that the setting has been overwritten. Please check the following:

1. After the customer logon, please check the following registry entry.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure

2. If a screen saver password protection is still enabled, please check the
above registry key again.

In the future, we can check which group policies have been applied.

By the way, regarding the printer issue, I have encountered an almost
identical issue before and I resolved the problem by using a VB script. In
that script, I used the code like the following (this is what I provided in
my last response):

Set WshNetwork = WScript.CreateObject("WScript.Network")
PrinterPath = "XXX"
WshNetwork.AddWindowsPrinterConnection PrinterPath
WshNetwork.SetDefaultPrinter PrinterPath

Generally, we use the UNC path to the network printer as the parameter. You
can find this in the following TechNet/MSDN examples:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcen
ter/scrguide/sas_prn_avmt.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/wsmthsetdefaultprinter.asp

Thanks!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<uybdq#[email protected]>
<YJ#[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Wed, 15 Oct 2003 16:53:14 -0400
|Lines: 383
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15198
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|Okay Joe, another snafu as it were.
| You saw my script, it must set the registry value, but it seems that
the
|screen saver is still enabled.
|
| Perhaps not at first, but it seems that after a while the domain policy
|and group policys are re-applied wiping out the setting I make, I assume
|this would be the case with either this script or a registry batch file in
|the startup, if the key is changed, somehow over time the policy is
|resetting it back.
|
| Any ideas, how or why this would be happening?
|
|Jeff Smyrski
|
||> Dear Jeff,
|>
|> Thank you for your reply. Yes, I think that this method should also work.
|> Beside, I would like to provide two suggestions:
|>
|> 1. The usage of AddWindowsPrinterConnection is not the same in different
|> operating systems:
|>
|> Windows NT/2000:
|> object.AddWindowsPrinterConnection(
|> strPrinterPath
|> )
|> Windows 9x/Me:
|> object.AddWindowsPrinterConnection(
|> strPrinterPath,
|> strDriverName[,strPort]
|> )
|>
|> Therefore, if the clients are Windows NT or Windows 2000, we can use only
|> one argument.
|>
|> 2. SetDefaultPrinter() should use the same argument as
|> AddWindowsPrinterConnection().
|>
|> So we can use the following code for Windows 2000 systems:
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> WshNetwork.AddWindowsPrinterConnection PrinterPath
|> WshNetwork.SetDefaultPrinter PrinterPath
|>
|> Thank you for using our news groups!
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Tue, 14 Oct 2003 16:13:41 -0400
|> |Lines: 264
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <uybdq#[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15129
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |So, I guess I am lost, does the following vbscript work for what I want
|it
|> |to do?
|> |This is the logon script for all users in this particular group...which
|> also
|> |selectivly maps the default printer.
|> |
|> |In my model I have two cross trained secretaries that will log onto 3
|> |different workstations, in diff, locations, with diff printers
available.
|> I
|> |figure that I am already detecting the workstation in order to perform
|> these
|> |steps, will adding the network line under the Case Station_131 work in
|this
|> |senerio. Also, I have moved the policy to the top of the list and
|checked
|> |the no override option...to preserve the setting from other policies.
|> |Please let me know.
|> |Jeff Smyrski
|> |
|> |Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |Set WshShell = WScript.CreateObject("WScript.Shell")
|> |Select Case WshNetwork.ComputerName
|> | Case "STATION_120"
|> | PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> | PinterDriver = "HP LaserJet 5000 Series PCL 6"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> |
|> | PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
|> | PrinterDriver = "HP LaserJet 4 Plus"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> |
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
|> | Case "STATION_131"
|> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
PrinterDriver
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |
|> | WshShell.RegWrite "HKCU\Control
|Panel\Desktop\ScreenSaverIsSecure",
|> |0, "REG_SZ"
|> |
|> |Case Else
|> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> | WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |End Select
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your reply.
|> |>
|> |> Yes, we can also adjust the existing script to apply these settings on
|> |only
|> |> one computer according to its computer name. It is easy to query the
|> |> computer name via VB script.
|> |>
|> |> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |> sComputerName=WshNetwork.ComputerName
|> |>
|> |> However, it is not the same as enabling the setting in a certain GPO.
|> |> Please note that we added this batch file (or a VBS script) in All
|Users'
|> |> startup folder. Therefore, no matter who logs on to that computer and
|> what
|> |> his/her original screen saver settings' are, the batch/script will be
|> |> executed to disable the screen saver password protect. This method
will
|> |not
|> |> affect other computers.
|> |>
|> |> Please feel free to let me know if you need my further assistance.
|> Thanks!
|> |>
|> |> Regards,
|> |> -Joe
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |References: <[email protected]>
|> |> <[email protected]>
|> |> |Subject: Re: Disable Screen Saver Password for Machine
|> |> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |> |Lines: 135
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:14985
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |I understand what you are saying, but in reality this is the same as
|the
|> |> |Active Directory Policy that I enforce on all of my users, in essence
|> |under
|> |> |the USER->Administrative Templates->Control Panel->Display and the
|> |options
|> |> |to enable the screen saver, to type in the name of the screen saver,
|> |which
|> |> I
|> |> |am using, logon.scr, the timeout, and event the "password" feature,
|> which
|> |> in
|> |> |AD is something like OnResume...etc etc.
|> |> |
|> |> |Which is no problem enforcing or not enforcing for a User...I would
|> |rather
|> |> |enforce the script via a policy that is invisible to the user or the
|> |> |machine, rather than adding a batch file to a startup menu. The
|> registry
|> |> |setting is the way to go, and I could create a VB script that would
|edit
|> |> the
|> |> |registry, but the trouble I am having is enforcing it to only the
|> |> |machine...rather than the user, for example:
|> |> |
|> |> |WshShell.RegWrite "HKCU\Control Panel\Desktop\ScreenSaverIsSecure",
0,
|> |> |"REG_SZ"
|> |> |
|> |> |Now that I think about it, I am going to attempt this...in another
|> script
|> |I
|> |> |am already using which is looking at the machine name and uses a
|Select
|> |> Case
|> |> |to install a default printer, based on the machine for an
|Organizational
|> |> |Unit, since different users cover each other's jobs in different
|> |> |locations...lol I think I am answering my own questions.
|> |> |
|> |> |Jeff Smyrski.
|> |> |
|> |> |
|> |> ||> |> |> Dear Jeff,
|> |> |>
|> |> |> Thank you for your post and it is my pleasure to work with you
|again.
|> |> |>
|> |> |> The Screen Saver "Password protected" setting is set in the
|following
|> |> |> registry entry:
|> |> |>
|> |> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> Panel\Desktop\ScreenSaverIsSecure
|> |> |>
|> |> |> When the value is set to "0" (zero), password protection for the
|> |screen
|> |> |> saver is turned off. When the value is set to "1", password
|protection
|> |> for
|> |> |> the screen saver is turned on.
|> |> |>
|> |> |> Therefore, we can try the following solution:
|> |> |>
|> |> |> 1. Log on as a common user and adjust the screen saver settings
|> |(disable
|> |> |> screen saver password protected setting).
|> |> |> 2. Open registry editor and export the
|> |> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> Panel\Desktop] to a screensaver.reg file.
|> |> |> 3. Open this screensaver.reg files in Notepad and delete
unnecessary
|> |> |lines.
|> |> |> For example, we can use the following content:
|> |> |>
|> |> |> Windows Registry Editor Version 5.00
|> |> |>
|> |> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> |> "ScreenSaverIsSecure"="0"
|> |> |>
|> |> |>
|> |> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |> |Double-click
|> |> |> "Programs" and then double-click "Startup".
|> |> |> 5. Then a Windows Explorer will open in a directory like the
|> following:
|> |> |>
|> |> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |> |>
|> |> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> |> 7. Please use Notepad to create a ScreenSaver.bat file there.
Please
|> |> input
|> |> |> the following command in that ScreenSaver.bat file:
|> |> |>
|> |> |> regedit /s ScreenSaver.reg
|> |> |>
|> |> |> Then when a user logs on, the above command will be operated and
|> |disable
|> |> |> the Screen Saver password protection.
|> |> |>
|> |> |> I have tested this solution in my lab. Thank you for keeping using
|our
|> |> |news
|> |> |> groups! Have a great day! :)
|> |> |>
|> |> |> Regards,
|> |> |> Joe Wu
|> |> |> Product Support Services
|> |> |> Microsoft Corporation
|> |> |>
|> |> |> Get Secure! - www.microsoft.com/security
|> |> |>
|> |> |> ====================================================
|> |> |> When responding to posts, please "Reply to Group" via your
|newsreader
|> |so
|> |> |> that others may learn and benefit from your issue.
|> |> |> ====================================================
|> |> |> This posting is provided "AS IS" with no warranties, and confers no
|> |> |rights.
|> |> |>
|> |> |> --------------------
|> |> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |> |Subject: Disable Screen Saver Password for Machine
|> |> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |> |Lines: 18
|> |> |> |X-Priority: 3
|> |> |> |X-MSMail-Priority: Normal
|> |> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |> |Message-ID: <[email protected]>
|> |> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |> |216.230.225.242
|> |> |> |Path:
|cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |> |Xref: cpmsftngxa06.phx.gbl
|> microsoft.public.win2000.group_policy:14953
|> |> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |> |
|> |> |> |I am interested in disabling the screen saver password for one
|> machine
|> |> |that
|> |> |> |several users access under one log in. The problem that I have is
|if
|> |I
|> |> |> |disable the password for this user based on the OU, then where
ever
|> |the
|> |> |> user
|> |> |> |logs into which might be multiply machines the password protect
|> option
|> |> is
|> |> |> |disabled.
|> |> |> |
|> |> |> |I attempted then, to create a Machine policy for the OU only
|applying
|> |> the
|> |> |> |policy to the machine name, I moved the policy to the top of the
|list
|> |> and
|> |> |> |even attempted the no override option.
|> |> |> |
|> |> |> |How can I enforce a no password policy for this machine while
|> |preserving
|> |> |> the
|> |> |> |password protection policy for the users logging in to multiple
|> |machines
|> |> |> |including this one.?
|> |> |> |
|> |> |> |Thanks
|> |> |> |Jeff Smyrski
|> |> |> |
|> |> |> |
|> |> |> |
|> |> |>
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 
J

Joe Wu [MSFT]

Dear Jeff,

Thank you for your update.

I would like to provide the following suggestion:

1. Please adjust the script to directly change the following registry
entry:

HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure

NOTE: The screen saver protection group policy setting changes the
following entry we used before:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure

2. Each group policy object consists two parts: Computer configuration and
User configuration. Please ensure that you enable the script in User
Configuration/Windows Settings/Scripts (logon/logoff).

3. It is a good idea to remotely check the user's registry through network.
In this way, the CURRENT_USER hive is not available. However, we can check
the entry in the following hive:

<COMPUTER NAME>\HKEY_USERS\<SID>\Control Panel\Desktop\ScreenSaverIsSecure

To get the account's SID, you can use one of the methods below:

3.1) Check the following registry entry to ensure that which hive is for
the problematic user:

<COMPUTER
NAME>\HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\Lo
gon User Name

3.2) Logon as the problem and run a Windows 2000 Resource Kit tool
whoami.exe as follows:

whoami.exe /all

As a result, you will get the SID of the current user account.

Please let me know if anything is unclear. Thanks!

Regards,
Joe Wu
Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
|From: "Jeff Smyrski" <[email protected]>
|References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<uybdq#[email protected]>
<YJ#[email protected]>
<[email protected]>
<[email protected]>
|Subject: Re: Disable Screen Saver Password for Machine
|Date: Thu, 16 Oct 2003 09:47:50 -0400
|Lines: 514
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <uE8kYw#[email protected]>
|Newsgroups: microsoft.public.win2000.group_policy
|NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com 216.230.225.242
|Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15227
|X-Tomcat-NG: microsoft.public.win2000.group_policy
|
|Okay here is what I tried...direct me where I might have gone wrong.
|
| I waited for the user to log into the machine, but since the domain
|policy restricts the use of registry edit tools, I attempted the regedit
|remotely, only as you know the CURRENT_USER hive is not available. So I
|looked under Users, then the keys as you defined them, but the
|ScreenSaverIsSecure is not present...should it be?
| I will attempt to go to the machine and use the run as option for
|regedit, but not sure if that will work, it seems that with xp, it creates
|another profile, for the user who is being run as...and does not really
work
|the way the windows 2000 method did.
| Please advise.
|Jeff Smyrski
|
||> Dear Jeff,
|>
|> Thank you for clarifying why you prefer a logon script.
|>
|> I suspect that the setting has been overwritten. Please check the
|following:
|>
|> 1. After the customer logon, please check the following registry entry.
|>
|> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> Panel\Desktop\ScreenSaverIsSecure
|>
|> 2. If a screen saver password protection is still enabled, please check
|the
|> above registry key again.
|>
|> In the future, we can check which group policies have been applied.
|>
|> By the way, regarding the printer issue, I have encountered an almost
|> identical issue before and I resolved the problem by using a VB script.
In
|> that script, I used the code like the following (this is what I provided
|in
|> my last response):
|>
|> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> PrinterPath = "XXX"
|> WshNetwork.AddWindowsPrinterConnection PrinterPath
|> WshNetwork.SetDefaultPrinter PrinterPath
|>
|> Generally, we use the UNC path to the network printer as the parameter.
|You
|> can find this in the following TechNet/MSDN examples:
|>
|>
|http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptce
n
|> ter/scrguide/sas_prn_avmt.asp
|>
|http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/h
t
|> ml/wsmthsetdefaultprinter.asp
|>
|> Thanks!
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Jeff Smyrski" <[email protected]>
|> |References: <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> <[email protected]>
|> <uybdq#[email protected]>
|> <YJ#[email protected]>
|> |Subject: Re: Disable Screen Saver Password for Machine
|> |Date: Wed, 15 Oct 2003 16:53:14 -0400
|> |Lines: 383
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <[email protected]>
|> |Newsgroups: microsoft.public.win2000.group_policy
|> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|216.230.225.242
|> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.group_policy:15198
|> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |
|> |Okay Joe, another snafu as it were.
|> | You saw my script, it must set the registry value, but it seems that
|> the
|> |screen saver is still enabled.
|> |
|> | Perhaps not at first, but it seems that after a while the domain
|policy
|> |and group policys are re-applied wiping out the setting I make, I assume
|> |this would be the case with either this script or a registry batch file
|in
|> |the startup, if the key is changed, somehow over time the policy is
|> |resetting it back.
|> |
|> | Any ideas, how or why this would be happening?
|> |
|> |Jeff Smyrski
|> |
|> ||> |> Dear Jeff,
|> |>
|> |> Thank you for your reply. Yes, I think that this method should also
|work.
|> |> Beside, I would like to provide two suggestions:
|> |>
|> |> 1. The usage of AddWindowsPrinterConnection is not the same in
|different
|> |> operating systems:
|> |>
|> |> Windows NT/2000:
|> |> object.AddWindowsPrinterConnection(
|> |> strPrinterPath
|> |> )
|> |> Windows 9x/Me:
|> |> object.AddWindowsPrinterConnection(
|> |> strPrinterPath,
|> |> strDriverName[,strPort]
|> |> )
|> |>
|> |> Therefore, if the clients are Windows NT or Windows 2000, we can use
|only
|> |> one argument.
|> |>
|> |> 2. SetDefaultPrinter() should use the same argument as
|> |> AddWindowsPrinterConnection().
|> |>
|> |> So we can use the following code for Windows 2000 systems:
|> |>
|> |> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |> PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> |> WshNetwork.AddWindowsPrinterConnection PrinterPath
|> |> WshNetwork.SetDefaultPrinter PrinterPath
|> |>
|> |> Thank you for using our news groups!
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! - www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |References: <[email protected]>
|> |> <[email protected]>
|> |> <[email protected]>
|> |> <[email protected]>
|> |> |Subject: Re: Disable Screen Saver Password for Machine
|> |> |Date: Tue, 14 Oct 2003 16:13:41 -0400
|> |> |Lines: 264
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <uybdq#[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |216.230.225.242
|> |> |Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.win2000.group_policy:15129
|> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |
|> |> |So, I guess I am lost, does the following vbscript work for what I
|want
|> |it
|> |> |to do?
|> |> |This is the logon script for all users in this particular
|group...which
|> |> also
|> |> |selectivly maps the default printer.
|> |> |
|> |> |In my model I have two cross trained secretaries that will log onto 3
|> |> |different workstations, in diff, locations, with diff printers
|> available.
|> |> I
|> |> |figure that I am already detecting the workstation in order to
perform
|> |> these
|> |> |steps, will adding the network line under the Case Station_131 work
in
|> |this
|> |> |senerio. Also, I have moved the policy to the top of the list and
|> |checked
|> |> |the no override option...to preserve the setting from other
policies.
|> |> |Please let me know.
|> |> |Jeff Smyrski
|> |> |
|> |> |Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |> |Set WshShell = WScript.CreateObject("WScript.Shell")
|> |> |Select Case WshNetwork.ComputerName
|> |> | Case "STATION_120"
|> |> | PrinterPath = "\\BOFU2000\HP_CSR 5000dn PCL 6"
|> |> | PinterDriver = "HP LaserJet 5000 Series PCL 6"
|> |> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
|> PrinterDriver
|> |> |
|> |> | PrinterPath = "\\BOFU2000\HP_PBSEC - HP 4 Plus"
|> |> | PrinterDriver = "HP LaserJet 4 Plus"
|> |> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
|> PrinterDriver
|> |> |
|> |> | WshNetwork.SetDefaultPrinter "\\BOFU2000\HP_PBSEC"
|> |> | Case "STATION_131"
|> |> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> |> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> |> | WshNetwork.AddWindowsPrinterConnection PrinterPath,
|> PrinterDriver
|> |> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |> |
|> |> | WshShell.RegWrite "HKCU\Control
|> |Panel\Desktop\ScreenSaverIsSecure",
|> |> |0, "REG_SZ"
|> |> |
|> |> |Case Else
|> |> | PrinterPath = "\\BOFU2000\HP Color - CB PCL 5c"
|> |> | PrinterDriver = "HP Color LaserJet 4500 PCL 5c"
|> |> | WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
|> |> | WshNetwork.SetDefaultPrinter "\\BOFU2000\CBColor"
|> |> |End Select
|> |> |
|> |> ||> |> |> Dear Jeff,
|> |> |>
|> |> |> Thank you for your reply.
|> |> |>
|> |> |> Yes, we can also adjust the existing script to apply these settings
|on
|> |> |only
|> |> |> one computer according to its computer name. It is easy to query
the
|> |> |> computer name via VB script.
|> |> |>
|> |> |> Set WshNetwork = WScript.CreateObject("WScript.Network")
|> |> |> sComputerName=WshNetwork.ComputerName
|> |> |>
|> |> |> However, it is not the same as enabling the setting in a certain
|GPO.
|> |> |> Please note that we added this batch file (or a VBS script) in All
|> |Users'
|> |> |> startup folder. Therefore, no matter who logs on to that computer
|and
|> |> what
|> |> |> his/her original screen saver settings' are, the batch/script will
|be
|> |> |> executed to disable the screen saver password protect. This method
|> will
|> |> |not
|> |> |> affect other computers.
|> |> |>
|> |> |> Please feel free to let me know if you need my further assistance.
|> |> Thanks!
|> |> |>
|> |> |> Regards,
|> |> |> -Joe
|> |> |>
|> |> |> Regards,
|> |> |> Joe Wu
|> |> |> Product Support Services
|> |> |> Microsoft Corporation
|> |> |>
|> |> |> Get Secure! - www.microsoft.com/security
|> |> |>
|> |> |> ====================================================
|> |> |> When responding to posts, please "Reply to Group" via your
|newsreader
|> |so
|> |> |> that others may learn and benefit from your issue.
|> |> |> ====================================================
|> |> |> This posting is provided "AS IS" with no warranties, and confers no
|> |> |rights.
|> |> |>
|> |> |> --------------------
|> |> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |> |References: <[email protected]>
|> |> |> <[email protected]>
|> |> |> |Subject: Re: Disable Screen Saver Password for Machine
|> |> |> |Date: Fri, 10 Oct 2003 09:37:58 -0400
|> |> |> |Lines: 135
|> |> |> |X-Priority: 3
|> |> |> |X-MSMail-Priority: Normal
|> |> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |> |Message-ID: <[email protected]>
|> |> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |> |216.230.225.242
|> |> |> |Path:
|cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
|> |> |> |Xref: cpmsftngxa06.phx.gbl
|> microsoft.public.win2000.group_policy:14985
|> |> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |> |
|> |> |> |I understand what you are saying, but in reality this is the same
|as
|> |the
|> |> |> |Active Directory Policy that I enforce on all of my users, in
|essence
|> |> |under
|> |> |> |the USER->Administrative Templates->Control Panel->Display and the
|> |> |options
|> |> |> |to enable the screen saver, to type in the name of the screen
|saver,
|> |> |which
|> |> |> I
|> |> |> |am using, logon.scr, the timeout, and event the "password"
feature,
|> |> which
|> |> |> in
|> |> |> |AD is something like OnResume...etc etc.
|> |> |> |
|> |> |> |Which is no problem enforcing or not enforcing for a User...I
would
|> |> |rather
|> |> |> |enforce the script via a policy that is invisible to the user or
|the
|> |> |> |machine, rather than adding a batch file to a startup menu. The
|> |> registry
|> |> |> |setting is the way to go, and I could create a VB script that
would
|> |edit
|> |> |> the
|> |> |> |registry, but the trouble I am having is enforcing it to only the
|> |> |> |machine...rather than the user, for example:
|> |> |> |
|> |> |> |WshShell.RegWrite "HKCU\Control
Panel\Desktop\ScreenSaverIsSecure",
|> 0,
|> |> |> |"REG_SZ"
|> |> |> |
|> |> |> |Now that I think about it, I am going to attempt this...in another
|> |> script
|> |> |I
|> |> |> |am already using which is looking at the machine name and uses a
|> |Select
|> |> |> Case
|> |> |> |to install a default printer, based on the machine for an
|> |Organizational
|> |> |> |Unit, since different users cover each other's jobs in different
|> |> |> |locations...lol I think I am answering my own questions.
|> |> |> |
|> |> |> |Jeff Smyrski.
|> |> |> |
|> |> |> |
|> |> |> ||> |> |> |> Dear Jeff,
|> |> |> |>
|> |> |> |> Thank you for your post and it is my pleasure to work with you
|> |again.
|> |> |> |>
|> |> |> |> The Screen Saver "Password protected" setting is set in the
|> |following
|> |> |> |> registry entry:
|> |> |> |>
|> |> |> |> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> |> Panel\Desktop\ScreenSaverIsSecure
|> |> |> |>
|> |> |> |> When the value is set to "0" (zero), password protection for
the
|> |> |screen
|> |> |> |> saver is turned off. When the value is set to "1", password
|> |protection
|> |> |> for
|> |> |> |> the screen saver is turned on.
|> |> |> |>
|> |> |> |> Therefore, we can try the following solution:
|> |> |> |>
|> |> |> |> 1. Log on as a common user and adjust the screen saver settings
|> |> |(disable
|> |> |> |> screen saver password protected setting).
|> |> |> |> 2. Open registry editor and export the
|> |> |> |> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control
|> |> |> |> Panel\Desktop] to a screensaver.reg file.
|> |> |> |> 3. Open this screensaver.reg files in Notepad and delete
|> unnecessary
|> |> |> |lines.
|> |> |> |> For example, we can use the following content:
|> |> |> |>
|> |> |> |> Windows Registry Editor Version 5.00
|> |> |> |>
|> |> |> |> [HKEY_CURRENT_USER\Control Panel\Desktop]
|> |> |> |> "ScreenSaverIsSecure"="0"
|> |> |> |>
|> |> |> |>
|> |> |> |> 4. Right-click the "Start" button and choose "Open All Users".
|> |> |> |Double-click
|> |> |> |> "Programs" and then double-click "Startup".
|> |> |> |> 5. Then a Windows Explorer will open in a directory like the
|> |> following:
|> |> |> |>
|> |> |> |> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
|> |> |> |>
|> |> |> |> 6. Copy the ScreenSaver.reg file to this folder.
|> |> |> |> 7. Please use Notepad to create a ScreenSaver.bat file there.
|> Please
|> |> |> input
|> |> |> |> the following command in that ScreenSaver.bat file:
|> |> |> |>
|> |> |> |> regedit /s ScreenSaver.reg
|> |> |> |>
|> |> |> |> Then when a user logs on, the above command will be operated and
|> |> |disable
|> |> |> |> the Screen Saver password protection.
|> |> |> |>
|> |> |> |> I have tested this solution in my lab. Thank you for keeping
|using
|> |our
|> |> |> |news
|> |> |> |> groups! Have a great day! :)
|> |> |> |>
|> |> |> |> Regards,
|> |> |> |> Joe Wu
|> |> |> |> Product Support Services
|> |> |> |> Microsoft Corporation
|> |> |> |>
|> |> |> |> Get Secure! - www.microsoft.com/security
|> |> |> |>
|> |> |> |> ====================================================
|> |> |> |> When responding to posts, please "Reply to Group" via your
|> |newsreader
|> |> |so
|> |> |> |> that others may learn and benefit from your issue.
|> |> |> |> ====================================================
|> |> |> |> This posting is provided "AS IS" with no warranties, and confers
|no
|> |> |> |rights.
|> |> |> |>
|> |> |> |> --------------------
|> |> |> |> |From: "Jeff Smyrski" <[email protected]>
|> |> |> |> |Subject: Disable Screen Saver Password for Machine
|> |> |> |> |Date: Thu, 9 Oct 2003 15:46:19 -0400
|> |> |> |> |Lines: 18
|> |> |> |> |X-Priority: 3
|> |> |> |> |X-MSMail-Priority: Normal
|> |> |> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |> |> |Message-ID: <[email protected]>
|> |> |> |> |Newsgroups: microsoft.public.win2000.group_policy
|> |> |> |> |NNTP-Posting-Host: bankofutica-gate-line-r.bankofutica.com
|> |> |> |216.230.225.242
|> |> |> |> |Path:
|> |cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
|> |> |> |> |Xref: cpmsftngxa06.phx.gbl
|> |> microsoft.public.win2000.group_policy:14953
|> |> |> |> |X-Tomcat-NG: microsoft.public.win2000.group_policy
|> |> |> |> |
|> |> |> |> |I am interested in disabling the screen saver password for one
|> |> machine
|> |> |> |that
|> |> |> |> |several users access under one log in. The problem that I have
|is
|> |if
|> |> |I
|> |> |> |> |disable the password for this user based on the OU, then where
|> ever
|> |> |the
|> |> |> |> user
|> |> |> |> |logs into which might be multiply machines the password protect
|> |> option
|> |> |> is
|> |> |> |> |disabled.
|> |> |> |> |
|> |> |> |> |I attempted then, to create a Machine policy for the OU only
|> |applying
|> |> |> the
|> |> |> |> |policy to the machine name, I moved the policy to the top of
the
|> |list
|> |> |> and
|> |> |> |> |even attempted the no override option.
|> |> |> |> |
|> |> |> |> |How can I enforce a no password policy for this machine while
|> |> |preserving
|> |> |> |> the
|> |> |> |> |password protection policy for the users logging in to multiple
|> |> |machines
|> |> |> |> |including this one.?
|> |> |> |> |
|> |> |> |> |Thanks
|> |> |> |> |Jeff Smyrski
|> |> |> |> |
|> |> |> |> |
|> |> |> |> |
|> |> |> |>
|> |> |> |
|> |> |> |
|> |> |> |
|> |> |>
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top