You're saying that you have user settings that you want to apply to users only when they logon to certain computers? Sounds difficult, eh? It's not difficult at all. It sounds like a job for loopback group policy processing!
Assume the following:
[Domain] mydomain.com.org.net.local
|
|--[OU] Special Computers
| |
| |-- [Computer] COMPUTER 1
| |
| |-- [Computer] COMPUTER 2
| ...
|
|--[OU] User Accounts
|
|--[User] Bob
|
|--[User] Alice
...
You would like to apply a user setting (such as running a logon script, or applying other types of GPO user settings) for all users who logon to computers in the "Special Computers" OU. When they logon to computers located in other OUs, though, you do not want these special settings to apply.
Create and link a GPO to the "Special Computers" OU. Specify in that GPO all the user-related settings you want to apply.
("But wait, Evan! The user's account objects aren't in the 'Special Computers' OU!" Yes. I know that. Stay w/ me here. Most AD admins I've met don't understand loopback policy processing and get scared. I've seen horrible hacks like creating secondary user accounts for users to logon with when using "special computers", etc... >shudder<)
In the GPO you created, go into the COMPUTER "Administrative Templates", "System", "Group Policy", and locate the setting "User Group Policy loopback processing mode". Enable this setting. In the "Mode" box, choose "Replace" if you want all the user's "normal" group policy settings to be ignored and only the user policy settings in this new GPO to apply. Choose "Merge" if you want the user settings in the GPO to apply after all their normal user settings have applied.
My opinion is that this is a lot cleaner than "hacks" involving "If computer == blah" in logon scripts.
My advice to you would be to do what you're doing with a Group Policy Preference (GPP)registry settings, rather than with a logon script. It will apply one time, leaving default settings in the users' registry, but the user will be able to change the settings freely in the future without having them "smashed" each time they logon.
If these are Windows Server 2008 machines, like your tag says, then there's really no excuse not to use GPP registry settings. Have a look at the articles below for some more details. This is a really nice feature of W2K8, and something you should be taking advantage of.
http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&DisplayLang=en
http://blogs.technet.com/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
On the suggestion of checking the Power Management settings by @joeqwerty I created a new Power Plan with the following settings:
- Display -> Turn off display after -> On battery (minutes): 0
- Display -> Turn off display after -> Plugged in (minutes): 0
I set this as the active power plan, and applied the GPO. After 25 minutes the machines are no longer automatically locking.
Here are the full steps for creating this:
- In Group Policy Management Editor, edit the target GPO
- Go to Computer Configuration\Preferences\Control Panel Settings\Power Options
- In the right pane, right click and select New -> Power Plan (At least Windows 7)
- In the Advanced settings tab, select the Create action
- Enter a new plan name (e.g. "Don't lock")
- Select Set as the active power plan
- Expand Display -> Turn off display after
- Change On battery (minutes) to 0
- Change Plugged in (minutes) to 0
- Click Apply, OK
- Apply the GPO to the target machine(s)
Best Answer
*Edit this makes the theme setting window open at startup I'm looking for a better solution
I was working on this today and came up with a rather simple solution for Windows 10.
Since you can execute theme files, you can add the file to run at startup in the registry or also by adding it to the startup folder I think. I have my theme in a read-only folder on the network and added a startup key on the machine. One drawback of using a startup key is that if you look at the startup list in task manager it shows up as "Program" and if there is more than one you can't tell which is which.
Load a specific theme
located atUser Configuration\Policies\Admin Templates\Personalization
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v %KeyName% /t REG_EXPAND_SZ /d "%Path%\File.theme" /f
You may want to remove the startup key after a while or you can leave in place to force the theme to re-apply after every sign in.
The problem with applying a theme to an existing user profile is that the registry key for setting the theme is per user. There is no computer level theme setting as far as I can tell. The user level setting is set with
CurrentTheme
underComputer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes
. Changing the path doesn't seem to change the theme though.I never found a better solution so I'm using the GPO to apply theme to new user sign-in. For some reason it is not applying all of the settings included in the theme. The slideshow duration is set to 6 hours but new users are set for 30 minutes. I may just add running the theme file to a new user setup script we have and apply it manually for good measure. Another option is a login script you can apply to all users for a time then remove. Or add a logon script to change a system variable when it's applied or check the registry to see if it's applied. There are lots of hacky solutions but nothing provided by Microsoft for existing users unfortunately.