GPO not taking effect

I have recently added a GPO that enables account logon events to be logged on all workstations. I have created/linked/enabled the GPO and made the proper configs in the audit policy. I ran gpupdate /force on the server and workstation but my settings are not taking effect. What am I doing wrong?
mhmservicesAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
willettmeisterConnect With a Mentor Commented:
You must have a GPO higher in precedence that is setting a conflicting policy.  Run gpresult against the traget workstation and look at the GPO's that are being applied and check to ensure that nothing is conflicting with your new policy.
0
 
mhmservicesAuthor Commented:
It is saying that it was "filtered out"
0
 
snoopfroggConnect With a Mentor Commented:
Like willettmeister referred to, do you have other GPOs with auditing settings enabled or disabled?  Does the GPO you created have any filtering enabled via security group or user permissions?  Are WMI filters in use on the GPO?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
willettmeisterCommented:
You must be using either security filtering or WMI filtering then  Check the GPO to ensure that you are in the correct security group or that the the system you are looking at satisfies the WMI query.
0
 
MightySWConnect With a Mentor Commented:
Yes, it was filtered out because the default domain policy is conflicting.  You need to either create another OU, block inheritance, and then link that OU or have it overwritten by the Default Domain Policy.
0
 
MightySWCommented:
Also, you need to just ensure that you apply it to authenticated users...Don't get fancy with groups when you are trying to troubleshoot GPO's.

Create the separate OU or change the security / audit settings in the Default Domain Policy.  
0
 
snoopfroggCommented:
I'd definitely stay away from filtering via security principals as it makes troubleshooting issues like this more difficult.  I prefer to use WMI or the methods MIghtySW mentioned (create another OU, or block inheritance).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.