Security Groups and Group Policy

J

John Smith

Hi all,

can someone help me out please... I have a Group Policy applied on the
top level (the Domain) which applies to a security group - I have
unchecked the "apply policy to authenicated users" and added my group
and enabled the Read & Apply policy rights... my problem is that
whilst the policy is applied to any users directly in the security
group, it does not seem to want to apply its self to any other users
which exist in security sub-groups

(eg Policy applies to a group called "Top Level" which has Users A, B
and C in, along with a sub-group called "LevelTwo" with users D and E
in... The policy is applied to Users A, B and C ok but not to users D
and E... any ideas please? - or do I have to put all sub-group members
into "Top Level" which I'm trying to avoid as we have 20+ sub groups
each with 20+ members!!!)

many thanks in advance

John
 
T

Tim Springston \(MSFT\)

Hi John-

If I understand correctly, you are talking about editing the group policy
ACLs so that the Read and Apply Group Policy Allow entries allow the folks
to apply the appropriate policy.

You do need to explicitly put the users or groups themselves into the access
control list for the policy in order for that to process as it should. If
choosing a group to add it does need to be a group the user is a direct
member of.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

local security policy does not get applied 2
Group Policy for Terminal Server not working 2
Different group, different active directory group policy 2
Incorrect GPResult result 3
Policy not applying 1
Group Policy Processing differences ... 3
Problem with security GPO filtering 1
Trouble with GPO security filtering 2

Top