Computer GPO Access Denied

Hi

I created a gpo on a windows 2003 serve to apply to a windows xp client. I had some settings on both user and computer settings, so i enabled loopback. Then i removed the authenicated user from the gpo and applied the user group i want for this gpo and then linked the gp to an ou that contains both the users and pc's in question. Now when a user logs on the user side settings allpy but not the computer side and if i run gpresult it tells me the computer side gpo did not apply access denied. Now if i add the target pc to the security tab and reboot the pc it then works. is this the case? do i have to add every single pc to this security filter as well as users?

ta
kingcastleAsked:
Who is Participating?
 
AkhaterConnect With a Mentor Commented:
Yes this is the case,

since it is a loopback policy then the computer is the one reading it and applying it on the user,

So the computer should have permissions on it
0
 
AmericomConnect With a Mentor Commented:
It's kind of tough to manage GPOs in your OU layout. By configuring both User settings as well as computer settings in the same GPO and linked ot OU with both computers and user accounts plus loopback makes it even more complicated.

You said that all your user settings gets applied but not computer settings, I'm just curious why and how you use the loopback policy as well as what computer and user settings in this GPO.

My suggestion is it would be a lot easier to separate and create one root OU for workstations and one for Users. Under each root OU, organize the objects by locations as user and workstation account are more senetive to location. This way, you would have a better control of GPO links as well as a better way of eliminating extra works and reduce complexity of your GPO and OUs in the future.
0
All Courses

From novice to tech pro — start learning today.