I've recently adjusted our group's computer lock policy from a 90-minute timeout to just 10 minutes, which understandably caused some frustration among users. To address the complaints, I created a specific rule for a group of users to exempt them from this new lockout duration, but they are still getting locked after 10 minutes. I've enforced this new rule since the original applies to all authenticated users. I'm new to dealing with these specific Group Policy Management settings; typically, I've only worked on server and network aspects. My coworker, who was the expert in this area, has left, and now I have to figure this out on my own. Any guidance would be really helpful! I've made some progress and my test computer is now at over 18 minutes without locking!
3 Answers
You should run `gpresult /h` on your affected machines to see which policy is currently applying. If necessary, check their organizational unit (OU) locations to ensure that the correct policy is in effect. Another approach is to deny the original policy in the scope for the specific users that are meant to be exempt.
Just a heads up, 'Enforced' doesn't behave as you might assume. You really need to consider the link order of the OUs you're working with. Remember, GPOs apply from the bottom up, so a GPO with a lower link number can override a higher one. You might want to verify that the conflicting GPOs aren’t linked in the same OU or that you don’t have any unexpected precedence issues.
First, make sure that both the old and new policies are being applied. You can check this with `gpresult /r` as a general user and `gpresult /r /scope:computer` from an elevated command prompt. If you find that only the new policy is visible, it could indicate a missed replication in the domain controller or the old policy still being 'tattooed' in your machine. It's crucial to figure out what is actually applying at the machine level instead of what you think should be applying.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures