
Group Policy Security Filtering problem

Last Modified: 2012-05-05
I'm trying to apply a Group Policy with Security filtering.  AD 2003.  I created a Global Security Group and put the computer objects in this group.  Both are Windows XP SP2.  Then I removed the Authenticated Users group and put this group in its place.  It has both Read and Apply group policy object selected.  It is a machine-based policy.
The computer objects are in the OU with the GPO applied, link is enabled, etc.
If I put Authenticated Users in, it gets the policy by doing a gpupdate /force right away.

Any ideas?


Well, very strange things happening.  Now the policy is taking with the groups.  Before it was not taking with the security group, but was with Authenticated Users, that's why I was thrown off.  And a GPRESULT is not showing the policy applying.  When I put in Authenticated Users though, it does show the policy is applying.

Pber, Solutions Architect

So things are working now?
If you want to see what is really going on, try using Policy Reporter (http://www.sysprosoft.com/policyreporter.shtml)
Try to see if you can use the RSOP to find the policy applying.

Hope this helps
I have had an issue myself once with GP filtering based on groups holding computer accounts not working. You could try the following:

1 - Add individual computer accounts to the GPO filter list (it's a fiddle via the GUI but it can be done). See if this makes any difference.

2 - Create a different group and make it Domain Local rather than Global. Add the computer accounts as members and try using it to do the GPO filtering.


It seems to be hit and miss.  Sometimes, it will work without a reboot, other times it won't.  I tried adding individual computer accounts & local groups with the same result.  Authenticated Users did work more seamlessly though.  I did an RSOP as well, inconsistent also.  Thanks for everyone's input.
Check your event logs on the clients. You may have a DNS problem. I strongly recommend Policy Reporter which I posted a link to earlier. This can be used to enable verbose logging on client PCs and analyse the resulting logs.
