Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 653
  • Last Modified:

Computer GPO Access Denied

Hi

I created a gpo on a windows 2003 serve to apply to a windows xp client. I had some settings on both user and computer settings, so i enabled loopback. Then i removed the authenicated user from the gpo and applied the user group i want for this gpo and then linked the gp to an ou that contains both the users and pc's in question. Now when a user logs on the user side settings allpy but not the computer side and if i run gpresult it tells me the computer side gpo did not apply access denied. Now if i add the target pc to the security tab and reboot the pc it then works. is this the case? do i have to add every single pc to this security filter as well as users?

ta
0
kingcastle
Asked:
kingcastle
2 Solutions
 
AkhaterCommented:
Yes this is the case,

since it is a loopback policy then the computer is the one reading it and applying it on the user,

So the computer should have permissions on it
0
 
AmericomCommented:
It's kind of tough to manage GPOs in your OU layout. By configuring both User settings as well as computer settings in the same GPO and linked ot OU with both computers and user accounts plus loopback makes it even more complicated.

You said that all your user settings gets applied but not computer settings, I'm just curious why and how you use the loopback policy as well as what computer and user settings in this GPO.

My suggestion is it would be a lot easier to separate and create one root OU for workstations and one for Users. Under each root OU, organize the objects by locations as user and workstation account are more senetive to location. This way, you would have a better control of GPO links as well as a better way of eliminating extra works and reduce complexity of your GPO and OUs in the future.
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now