Hi Alan/Jamie...thanks for your replies. I have not done any testing of GPP yet..may be time to start.

Alan, I was hesitant to turn on loopback for the machines in question because I tested this on one machine and then used your policy reporter (thanks again!) to analyze the log afterwards. I saw a bunch of policies being evaluated twice (expected I presume) and realized that the loopback will apply for ALL of the machine's GPOs (not just this one). So I became concerned I may open Pandora's box and increase logon time or something (though there are no significant policy processing problems to date).

Anyway I could be way off...it may work out fine, but figured best to investigate all options first, hence my post. I need to mull this over a bit.

-DC

On Fri, Dec 12, 2008 at 11:44 PM, Alan & Margaret <syspro@xxxxxxxxxxxxxxxx> wrote:

> Hi Dave,
>
> If you do go the path of machine based Group Policy Preferences, be aware that you must ONLY use Machine Group Policy Preferences. You cannot use both Machine and User based GPP's or Machine GPPs and User ADM's.
>
> Alan Cuthbertson
>
> Policy Management Software (Now with ADMX and Preference support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>
> ADM Template Editor (Now with ADMX support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>
> Policy Log Reporter – including Preference logging (Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
> ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Alan & Margaret
> *Sent:* Saturday, 13 December 2008 2:17 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Screen Saver ADM feasibility
>
> Jamie is right… Group Policy preferences should work, but I have never tried this part of it.
> One problem you may have is if you have roaming profiles, the setting may not "disappear" when they move to another machine that doesn't have the policy. Group Policy Preferences can be defined to delete the key when the policy is not applied, so if you were using Group Policy Preferences to create the Policy key it may delete it when you move to another machine, so the user would then get their own screen saver. However, I think GPP will only delete the key from the User registry when the machine no longer receives the Policy, not when the user moves to another machine that does not receive the policy. Of course if you want to enforce one screensaver on some machines and enforce a different screen saver on the rest, GPP should work.
>
> ADM templates won't work because (as you said) Machine ADM templates only apply to the machine registry.
>
> Your only other option is Loop Back processing… turn it on for the machines you want and create a single policy entry in the User part of the policy for those machines. Why don't you want to turn it on?
>
> The other way is to use Site policies. Provided all of your machines are in a particular IP range, you can define that as being a particular Site and then attach the GPO to activate the screen saver.
>
> Alan Cuthbertson
>
> Policy Management Software (Now with ADMX and Preference support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>
> ADM Template Editor (Now with ADMX support):-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>
> Policy Log Reporter – including Preference logging (Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
> ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Nelson, Jamie
> *Sent:* Saturday, 13 December 2008 8:49 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Screen Saver ADM feasibility
>
> You might look at using Item-level targeting in Group Policy Preferences to populate the registry key.
>
> Actually, there is a control panel\desktop key for the computer, but I believe that controls the wallpaper you see when no one is logged on.
>
> *Jamie Nelson* | Operations Consultant | BI&T Infrastructure-Intel | *Devon Energy Corporation* | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *David Cliffe
> *Sent:* Friday, December 12, 2008 12:53 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Screen Saver ADM feasibility
>
> Hi all,
>
> Having never written an ADM before (note: Win 2003/XP env), I was wondering about feasibility of writing custom ADM to apply a screen saver to computer side of a GPO so that we can target computer objects.
>
> - We don't want to turn on loopback for standard end user machines
> - We can't use the user side of the policy because client only wants it applied to certain machines (but large groups of them) :- (
>
> I'm guessing the tough part (maybe impossible?) is specifying the end user's registry key.
> I imagine there's no such thing as the "Control Panel\Desktop" subkey for computers right? Anybody else been down this road? I'm already primed to tell customer to adjust their expectations :-)
>
> Thanks!
>
> -DaveC
>
> ------------------------------
>
> *Confidentiality Warning:* This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.