Problem with security GPO filtering

  • Thread starter Thread starter Drazen
  • Start date Start date
D

Drazen

This is our configuration:
- w2k DC having simple domain with default containers intact (Users, Computers...)
- one global security group (group "A") dwfined on level of domain
itself (same level where containers Users and Computers are)
whose members are two domain computers (listed in Computers container).
- group policy "B" defined on whole domain (under Default domain policy)
- for group policy B, Authenticated users were removed under
"Security" settings and our group "A" was added with "Read" and
"Apply group policy".

THe problem is that policy "B" is not applied to security group "A".
Actually the policy is not applied to *ANY* computers.
When GPREsULT is run on machines in security group "A" there is
"Filtering: Denied (Security)". GPRESULT shows NO sign of those two
computers being in security group "A" (and I suppose thats why policy
is not applied to them).

What have I done wrong?
If I remove group "A" from policies "Security" and add those
two computers manually (and set Read, and Apply policy to each of them),
the policy is applied successfully but I'm not satisfied with this
solution. Who can explain this? I hope that everything is explained well...

Thank you,
Drazen
 
This is our configuration:
- w2k DC having simple domain with default containers intact (Users, Computers...)
- one global security group (group "A") dwfined on level of domain
itself (same level where containers Users and Computers are)
whose members are two domain computers (listed in Computers container).
- group policy "B" defined on whole domain (under Default domain policy)
- for group policy B, Authenticated users were removed under
"Security" settings and our group "A" was added with "Read" and
"Apply group policy".

THe problem is that policy "B" is not applied to security group "A".
Actually the policy is not applied to *ANY* computers.
When GPREsULT is run on machines in security group "A" there is
"Filtering: Denied (Security)". GPRESULT shows NO sign of those two
computers being in security group "A" (and I suppose thats why policy
is not applied to them).

What have I done wrong?
If I remove group "A" from policies "Security" and add those
two computers manually (and set Read, and Apply policy to each of them),
the policy is applied successfully but I'm not satisfied with this
solution. Who can explain this? I hope that everything is explained well...

Thank you,
Drazen
Click to expand...

See if http://support.microsoft.com?kbid=231287 helps.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
Back
Top