I recently changed our organization's computer lock timeout from 90 minutes to just 10 minutes, and while it seemed like a reasonable move, the pushback was real! Now, we're making exceptions for certain users, which is a bit ironic. I created a separate group policy that should only impact a specific group of users, but they're still getting locked out after 10 minutes despite enforcing this new rule. It feels like a simple fix to some, but this is territory I haven't navigated before. I usually handle server and network issues, but since my coworker left, I'm feeling overwhelmed with these GPM rules. Any help would be appreciated! Edit: I found out my test computer now remains unlocked for over 18 minutes.
2 Answers
Just a heads up about the 'Enforced' setting—it's not quite what you might think. Make sure to check the link order in the OU you’re targeting, because GPOs apply in a bottom-up fashion. If a GPO has a lower order number, it will take precedence over one with a higher number.
Try using 'gpresult /h' on the affected machines to see which policy is actually applying. You might need to adjust their OU location so the right policy takes effect. If the original policy is affecting all authenticated users, consider denying that policy for the specific users you’re trying to exempt.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures