Solved

Computer GPO Access Denied

Posted on 2009-04-08
2
641 Views
Last Modified: 2012-05-06
Hi

I created a gpo on a windows 2003 serve to apply to a windows xp client. I had some settings on both user and computer settings, so i enabled loopback. Then i removed the authenicated user from the gpo and applied the user group i want for this gpo and then linked the gp to an ou that contains both the users and pc's in question. Now when a user logs on the user side settings allpy but not the computer side and if i run gpresult it tells me the computer side gpo did not apply access denied. Now if i add the target pc to the security tab and reboot the pc it then works. is this the case? do i have to add every single pc to this security filter as well as users?

ta
0
Comment
Question by:kingcastle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 300 total points
ID: 24095805
Yes this is the case,

since it is a loopback policy then the computer is the one reading it and applying it on the user,

So the computer should have permissions on it
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 24104169
It's kind of tough to manage GPOs in your OU layout. By configuring both User settings as well as computer settings in the same GPO and linked ot OU with both computers and user accounts plus loopback makes it even more complicated.

You said that all your user settings gets applied but not computer settings, I'm just curious why and how you use the loopback policy as well as what computer and user settings in this GPO.

My suggestion is it would be a lot easier to separate and create one root OU for workstations and one for Users. Under each root OU, organize the objects by locations as user and workstation account are more senetive to location. This way, you would have a better control of GPO links as well as a better way of eliminating extra works and reduce complexity of your GPO and OUs in the future.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question