Is there a GPO option to disable the idle-time screensaver for RDP connections, but keep the idle-time screensaver options for interactive logins?
Edit: All users are TS users as well as local, so they are in the same OU. We need the screensaver 'disabled' when they RDP.
Some months ago I published my solution to this problem here. In reaction to the post by tfrederick74656 (below), I stated that I had a better solution using item-level targeting for Remote Desktop.
After I posted this, it worked for one or two days and then did nothing anymore. After some months of doing other things and wondering what really happens I started all over again. And this time I really have the solution to the problem!
Goal: All laptops, desktops and servers with lock screen policy, except RDP's.
It is not an item-level-targeting solution anymore, but a script and one setting together in a GPO. As stated elsewhere, there are four settings that you will need:
Enable screen saver
Enabled Password protect the screen saver
Enabled Force specific screen saver
Enabled ScreenSaveTimeOut [time in seconds]
Because I don’t know what setting is responsible for this thing to work, I wanted to get them all in the script. One setting I couldn’t find, so this one is separated from the others: Force specific screensaver. (You don’t have to tell the system what screensaver you will need.) The other thing we need is a script: LockDesktopAfter3MinutesExceptRDP.PS1
Here’s the GPO: User configuration - Policies - Administrative Templates - Control Panel - Personalization - Force specific screensaver: Enabled (You don’t have to tell the system what screensaver you will need.)
And here’s the script that I added into the GPO:
And this is what the script is about:
When you type ‘query session’ in a cmd box, you will get your session and possible other sessions in a few lines. Your own session has a ‘greater-than sign’ at the start of the line.
The PowerShell script reads this output line by line and checks if ‘>console’ or ‘>rdp-tcp’ is present. Now you know if you are dealing with a remote-desktop desktop or a console desktop. You can now change the lock-desktop behavior depending on the situation by changing the registry items.
But this is only half of the solution.
The real problem was that you have to tell the system that you want the result NOW. This is done by running the last line of the script.
I hope this will help you out.
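The session check described in the answer above, as an added example; it is not the poster's script, which is not reproduced on this page. Assumptions: the function names are hypothetical, the sample `query session` output is constructed, the three values are written under `HKCU:\Control Panel\Desktop`, and the immediate refresh is done with `rundll32.exe user32.dll,UpdatePerUserSystemParameters`.

```powershell
# Added example, not the poster's script. Function names are hypothetical.
function Get-CurrentSessionType {
    param([string[]]$Lines = (query session))
    foreach ($line in $Lines) {
        # 'query session' marks the caller's own session with a leading '>'.
        if ($line -match '^>(\S+)') {
            $name = $Matches[1]
            if ($name -match '^rdp-tcp') { return 'RDP' }
            if ($name -eq 'console')     { return 'Console' }
            return 'Other'
        }
    }
    return 'Unknown'
}

function Set-ScreenSaverForSession {
    param([string]$SessionType, [int]$TimeoutSeconds = 180)   # 180 s = 3 minutes
    # Assumption: per-user values live under this key; the page does not name it.
    $key = 'HKCU:\Control Panel\Desktop'
    # Fail closed: only a session positively identified as RDP loses the lock.
    $flag = if ($SessionType -eq 'RDP') { '0' } else { '1' }
    Set-ItemProperty -Path $key -Name 'ScreenSaveActive'    -Value $flag
    Set-ItemProperty -Path $key -Name 'ScreenSaverIsSecure' -Value $flag
    Set-ItemProperty -Path $key -Name 'ScreenSaveTimeOut'   -Value "$TimeoutSeconds"
    # Assumption: this call makes the session re-read the values immediately.
    & rundll32.exe 'user32.dll,UpdatePerUserSystemParameters'
}

# Constructed sample of 'query session' output for an RDP logon.
$sample = @(
    ' SESSIONNAME       USERNAME        ID  STATE   TYPE        DEVICE',
    ' services                           0  Disc',
    ' console                            1  Conn',
    '>rdp-tcp#12        alice            2  Active',
    ' rdp-tcp                        65536  Listen'
)
Write-Output "Sample classifies as: $(Get-CurrentSessionType -Lines $sample)"

# Logon-script entry point: classify the live session, then apply.
Set-ScreenSaverForSession -SessionType (Get-CurrentSessionType)
```

If the same three values are also delivered as policy settings, the policy values take precedence over what this script writes.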
So as @ELT comments, you need to put in place a loopback policy, so full set up would be:
This last policy will force the settings of this GPO to be calculated as if the user belongs to the OU where the server is. Therefore, it will take "Enable screen saver: Disabled".
I would put the TS users in a separate OU per this Microsoft TechNet article.
Change this PO in the Group Policy snap-in under:
I know this is an old question, and this is a bit hackish of an answer, but you could simply make a Group Policy Preferences Registry item to disable the screensaver when the session name contains RDP. You could set up the registry item to set the timeout to something ridiculous like 9999 minutes:
Then set up the targeting to only apply when the session name matches an RDP session. There's no wildcard, but the number is incremented at each RDP logon, resetting at reboots, so just put in a bunch.
Not exactly an elegant solution, but it would get the job done. Make sure you create this as a user policy, and check the "run in current user context" box.
Never done it with screensavers but have implemented a similar type of policy with printers.
GPO that targets just the specific OU with the Terminal Servers (note: we are targeting computer objects). Use loopback policy to enforce the screensaver settings on users; if configured correctly, it should apply to all users at logon.