Problem with security GPO filtering

Drazen

This is our configuration:
- w2k DC having simple domain with default containers intact (Users, Computers...)
- one global security group (group "A") defined on level of domain
itself (same level where containers Users and Computers are)
whose members are two domain computers (listed in Computers container).
- group policy "B" defined on whole domain (under Default domain policy)
- for group policy B, Authenticated users were removed under
"Security" settings and our group "A" was added with "Read" and
"Apply group policy".

The problem is that policy "B" is not applied to security group "A".
Actually the policy is not applied to *ANY* computers.
When GPRESULT is run on machines in security group "A" there is
"Filtering: Denied (Security)". GPRESULT shows NO sign of those two
computers being in security group "A" (and I suppose that's why policy
is not applied to them).

What have I done wrong?
If I remove group "A" from the policy's "Security" and add those
two computers manually (and set Read, and Apply policy to each of them),
the policy is applied successfully but I'm not satisfied with this
solution. Who can explain this? I hope that everything is explained well...

Thank you,
Drazen
 
Jerold Schulman

See if http://support.microsoft.com?kbid=231287 helps.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
