How to enforce domain policy for local user?

M

moe_swe

I have a domain group policy which works fine on a computer for screen
saver lockup time when I logon to the domain. However, when I logon to
the same machine locally (as an administrator or local user), the
screen saver policy is not working at all. Why?

If it is possible, how do I do to correct it?

Thank you.
 
F

Florian Frommherz

Howdie!

I have a domain group policy which works fine on a computer for screen
saver lockup time when I logon to the domain. However, when I logon to
the same machine locally (as an administrator or local user), the
screen saver policy is not working at all. Why?
Click to expand...

You can't really enforce the domain policy for a local user.

There are 2 options now:

- Configure the settings you wish to have when using a local account (
with gpedit.msc). Like this, all users that do not log in with a domain
account will receive those settings (this could cause a massive
administrative overhead).
- Prevent users from logging on with a local user account. Let them run
with cached credentials (which can be pretty easy using Group Policy and
altering the "Log on locally" right. Remember testing before deploying
in the live environment!)

cheers,

Florian
 
M

moe_swe

Thanks for the response.

Please explain a little more detail for the first option so I can set
it up. The main purpose is to make the screen lock after certain time
of system idle. Mostly for the local administrator login.

Thanks again.
 
F

Florian Frommherz

Howdie!

Please explain a little more detail for the first option so I can set
it up. The main purpose is to make the screen lock after certain time
of system idle. Mostly for the local administrator login.
Click to expand...

Log on as the administrator of the machine. Fire up "gpedit.msc" at the
Start->Run command box. In the opening "Group Policy Editor", navigate to
User Configuration\Administrative Templates\Control Panel\Display\ and
edit the policies "Screen saver timeout" and "Password protect the
screen saver"

The settings you make here will affect all user accounts on that machine.

cheers,

Florian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

password local policy in domain 2
Default Domain Policy 2003 7
Override a Domain GP 1
local Group Policy Administrator does can not logon local 0
local security policy does not get applied 2
Screensaver policy on some PCs 2
User Policy set but no effect 2
Incorrect GPResult result 3

Top