Solved

Computer GPO Access Denied

Posted on 2009-04-08
2
639 Views
Last Modified: 2012-05-06
Hi

I created a gpo on a windows 2003 serve to apply to a windows xp client. I had some settings on both user and computer settings, so i enabled loopback. Then i removed the authenicated user from the gpo and applied the user group i want for this gpo and then linked the gp to an ou that contains both the users and pc's in question. Now when a user logs on the user side settings allpy but not the computer side and if i run gpresult it tells me the computer side gpo did not apply access denied. Now if i add the target pc to the security tab and reboot the pc it then works. is this the case? do i have to add every single pc to this security filter as well as users?

ta
0
Comment
Question by:kingcastle
2 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 300 total points
ID: 24095805
Yes this is the case,

since it is a loopback policy then the computer is the one reading it and applying it on the user,

So the computer should have permissions on it
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 24104169
It's kind of tough to manage GPOs in your OU layout. By configuring both User settings as well as computer settings in the same GPO and linked ot OU with both computers and user accounts plus loopback makes it even more complicated.

You said that all your user settings gets applied but not computer settings, I'm just curious why and how you use the loopback policy as well as what computer and user settings in this GPO.

My suggestion is it would be a lot easier to separate and create one root OU for workstations and one for Users. Under each root OU, organize the objects by locations as user and workstation account are more senetive to location. This way, you would have a better control of GPO links as well as a better way of eliminating extra works and reduce complexity of your GPO and OUs in the future.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question