?
Solved

IP filtering with Security Policy - Filtering:  Not Applied (Empty)

Posted on 2009-02-20
7
Medium Priority
?
1,737 Views
Last Modified: 2013-11-15
So I built a IP filter policy and get error when I run gpresults on windows xp client

        Another ACL Policy
            Filtering:  Not Applied (Empty)

I created the filter by creating the GPO in GPMC and then applied it to my OU - As you see from the gpresults output the policy is being applied but is filtered because it's "empty" ??!!?  Any ideas of things I can try to get this resolved..?

see screen shot for my AD settings, kinda..

*** see verbos error message below ***



USER SETTINGS
--------------
    CN=testingpublic,OU=test,DC=mdesad,DC=mdesnet,DC=ms,DC=gov
    Last time Group Policy was applied: 2/19/2009 at 2:20:14 PM
    Group Policy was applied from:      hqsoad001.mdesad.mdesnet.ms.gov
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Workstation Policies - Common
        Digital_Persona
        Workstation Policies - Common
        Domain Workstations - PowerCfg & Admin
        Default Domain Policy
        Domain Workstations - PowerCfg & Admin
        Workstation Policies - Common
        Default Domain Policy
        Domain Workstations - PowerCfg & Admin

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Another ACL Policy
            Filtering:  Not Applied (Empty)
scrennshot.bmp
0
Comment
Question by:gevansmdes
  • 3
  • 3
7 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 23698742
Hi!

You configured settings under Computer configuration, now you have to put computer account in test OU and check if policy applies. You can't configure IPSec for users. If you would change any user setting in your policy, then it would be processed for users also.

HTH

Toni
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23702598
Toni is absolutely correct... IPSEC settings get applied to computers, not users.
And if Toni looked at the screenshot, it shows that the settings ARE in the correct place.

0
 

Author Comment

by:gevansmdes
ID: 23712070
     Filtering:  Not Applied (Empty)

can I debug this in anyway?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 23712193
Again, this message means that you didn't configure User configuration settings. This part of policy is empty (AD and sysvol version is 0), that is why is not processed. There is nothing to process.

You can change any setting under User configuration and then this policy will be processed for users, but IPSec policies won't work, because they are part of Computer configuration.
0
 

Author Comment

by:gevansmdes
ID: 23712898
toniur:

you're correct.. I added the computer to the OU and the policy is enforced..

my issue is I need these setting to take effect at at the user level.. So when users log in to the domain these setting take effect no matter what PC they log in to.. do you know of any way to make this happen?

Thanks
0
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 2000 total points
ID: 23713090
IPSec can not be applied to users, but you can link GPO with IPSec policy to an OU which contains all computer accounts.

For example, let's say that this is you OU hiearchy:

domain.com
+ Domain Controllers OU (<-- Should not have IPSec Policies enabled)
+ All other computers OU <-- Link GPO here
  + Servers
  + Desktops
  + ...

Or create multiple links for all OUs whic contain computer accounts.
0
 

Author Closing Comment

by:gevansmdes
ID: 31549311
Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question