I have a Windows Server 2003 network. Our main groups of users are Students and Faculty/Staff.
Our domain policy is very minimally customized, but we do have some specifics such as enforcing a password protected screen saver, and only the Faculty/Staff groups have a shutdown button. We also enforce password security.
I am trying to figure out the best way to exempt a group of computers from the password protected screen saver timeout. These are 2 specific labs that use Court Reporting equipment that does not generate a signal to the computer that it is in use. So, the screensaver will come on, messing up their timed tests.
I have already created a group that contains the computers in the two labs. I know I can exempt the group from the ENTIRE domain policy, but I only want to exempt them from the Screen Saver portion. I can’t find a way to target the computer group for just that portion of the policy.
I could create a second domain policy, under the main domain policy, configuring it exactly the same except for the screen saver, then exempt the main policy for that group and apply the second policy. Is this the way to go? I don’t want to make this complicated.
I could also create another OU for these computers and apply a second policy to them.
What’s the ideal way to do this?