[gptalk] Re: Screen Saver ADM feasibility
- From: "David Cliffe" <dc31hz@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Mon, 15 Dec 2008 13:55:23 -0500
Hi Alan/Jamie...thanks for your replies. I have not done any testing of GPP
yet..may be time to start.
Alan, I was hesitant to turn on loopback for the machines in question
because I tested this on one machine and then used your policy reporter
(thanks again!) to analyze the log afterwards. I saw a bunch of policies
being evaluated twice (expected I presume) and realized that the loopback
will apply for ALL of the machine's GPOs (not just this one). So I became
concerned I may open Pandora's box and increase logon time or something
(though there are no significant policy processing problems to date).
Anyway I could be way off...it may work out fine, but figured best to
investigate all options first, hence my post.
I need to mull this over a bit.
-DC
On Fri, Dec 12, 2008 at 11:44 PM, Alan & Margaret
<syspro@xxxxxxxxxxxxxxxx>wrote:
> Hi Dave,
>
>
>
> If you do go the path of machine based Group Policy Preferences, be aware
> that you must ONLY use Machine Group Policy Preferences. You cannot use both
> Machine and User based GPP's or Machine GPPs and User ADM's.
>
>
>
>
>
> Alan Cuthbertson
>
>
>
>
>
> Policy Management Software (Now with ADMX and Preference support):-
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>
>
>
> ADM Template Editor(Now with ADMX support):-
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>
>
>
> Policy Log Reporter – including Preference logging(Free)
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Alan & Margaret
> *Sent:* Saturday, 13 December 2008 2:17 PM
> *To:* gptalk@xxxxxxxxxxxxx
>
> *Subject:* [gptalk] Re: Screen Saver ADM feasibility
>
>
>
> Jamie is right… Group Policy preferences should work, but I have never
> tried this part of it. One problem you may have is if you have roaming
> profiles, the setting may not "disappear" when they move to another machine
> that doesn't have the policy. Group policy Preferences can be defined to
> delete the key when the policy is not applied, so if you were using Group
> Policy preferences to create the Policy key it may delete it when you move
> to another machine, so the user would then get their own screen saver.
> However, I think GPP will only delete the key from the User registry when
> the machine no longer receives the Policy, not when the user moves to
> another machine that does not receive the policy. Of course if you want to
> enforce one screensaver on some machines and enforce a different screen
> saver on the rest, GPP should work.
>
>
>
> ADM templates won't work because (as you said) Machine ADM templates only
> apply to the machine registry.
>
>
>
> You only other option is Loop Back processing… turn it on for the machines
> you want and create a single policy entry in the User part of the policy for
> those machines. Why don't you want to turn it on?
>
>
>
> The other way is to use Site policies. Provided all of your machines are in
> a particular IP range, you can define that as being a particular Site and
> then attach the GPO to activate the screen saver.
>
>
>
> Alan Cuthbertson
>
>
>
>
>
> Policy Management Software (Now with ADMX and Preference support):-
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>
>
>
> ADM Template Editor(Now with ADMX support):-
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>
>
>
> Policy Log Reporter – including Preference logging(Free)
>
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
>
>
>
> ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Nelson, Jamie
> *Sent:* Saturday, 13 December 2008 8:49 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Screen Saver ADM feasibility
>
>
>
> You might look at using Item-level targeting in Group Policy Preferences to
> populate the registry key.
>
>
>
> Actually, there is a control panel\desktop key for the computer, but I
> believe that controls the wallpaper you see when no one is logged on.
>
>
>
> *Jamie Nelson* | Operations Consultant | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: 405.552.8054 | Mobile: 405.200.8088 |
> http://www.dvn.com
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *David Cliffe
> *Sent:* Friday, December 12, 2008 12:53 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Screen Saver ADM feasibility
>
>
>
> Hi all,
>
>
>
> Having never written an ADM before (note: Win 2003/XP env), I was wondering
> about feasibility of writing custom ADM to apply a screen saver to computer
> side of a GPO so that we can target computer objects.
>
>
>
> - We don't want to turn on loopback for standard end user machines
>
> - We can't use the user side of the policy because client only wants it
> applied to certain machines (but large groups of them) :- (
>
>
>
> I'm guessing the tough part (maybe impossible?) is specifying the end
> user's registry key. I imagine there's no such thing as the "Control
> Panel\Desktop" subkey for computers right? Anybody else been down this
> road? I'm already primed to tell customer to adjust their expectations :-)
>
>
>
> Thanks!
>
> -DaveC
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
Other related posts:
