Bonnie_K
asked on
Group Policy - Access denied Security Filtering
Hello,
I am trying to setup a group policy to hide the c and d drives of our citrix servers for users.
I created an OU called citrix servers and moved the citrix servers into it.
I then created a group policy and enabled "user group policy loopback processing mode" (tried both merge and replace) and "hide these specified drives in my computer."
I linked the group policy to the citrix servers OU
I added a user account on the scope tab under security filtering and I can see the user has Read when looking at the delegation tab
The GPO status is disabled
When I run Group Policy Results and pick that user and one of the citrix servers, that policy doesn't show up in Applied or Denied. But when I tried to use Group Policy Modeling, I saw that Hide Citrix Drives policy in the Denied Poicy listing. The reason as Access Denied (Group Policy Filtering)
I do not know what I am missing here but have spent hours on this. Any ideas?
Thanks,
Bonnie
I am trying to setup a group policy to hide the c and d drives of our citrix servers for users.
I created an OU called citrix servers and moved the citrix servers into it.
I then created a group policy and enabled "user group policy loopback processing mode" (tried both merge and replace) and "hide these specified drives in my computer."
I linked the group policy to the citrix servers OU
I added a user account on the scope tab under security filtering and I can see the user has Read when looking at the delegation tab
The GPO status is disabled
When I run Group Policy Results and pick that user and one of the citrix servers, that policy doesn't show up in Applied or Denied. But when I tried to use Group Policy Modeling, I saw that Hide Citrix Drives policy in the Denied Poicy listing. The reason as Access Denied (Group Policy Filtering)
I do not know what I am missing here but have spent hours on this. Any ideas?
Thanks,
Bonnie
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It did work, I think I needed to wait a minute for changes to propagate
The GPO should be enabled, when you gave the user read did you also check to apply the group policy to the user? Also, there is a program out ther called HIDECALC that will help if you would like to hide other drive letters as well. it creates a .adm.
ASKER
I noticed in Group Policy Results, that the GPO is listed, but by its unique identifier and not its name. The reason it is denied when looking at the Group Policy Results is "inaccessable"