So, you cannot select the computers on which you want to update the policy settings.
User B can be at her desk and her screen Never locks, but I have her sign onto a computer in my office, and the screen will lock after 10 minutes of no activity. What I have done: - perform gpupdate /force (many times over a week) - compare gpresult /r and gpresult /z on each machine with no difference on any one them (many times over a week) - created a brand new (not a copy / paste) screen-lockout GPO (same results as old one) - rebooted computers (many times over a week) - request another user to log onto a computer that will not lock screen (it locked for them) - checked user security in AD to be use they are part of the Domain, about 10 times or more - used Group Policy Modeling in the GPMC to compare user A to computer A/User A to Computer B - results are the same for each. - Checked DNS to be sure all information was okay and dns had no issues.
- restarted Netlogon service, dns server, dns client services on the AD Servers. I have created many many GPOs, and can usually fix them when issues arise, but this one has be baffled.
Despite the name “Authenticated Users” actually includes both logged on users but also computer objects from either the same domain or a trusted domain.
This means that a default GPO will be applied to all users and computers located in some OU to which the GPO are linked somewhere above.
Be aware, this method will display the command prompt with “Updating Policy” on the computer objects you run it against. If you’re not using Server 2012, you can still achieve the above with fairly little effort using Powershell to generate a list of computers and PSEXEC to run the GPUpdate command.