Group Policy Issues - No mapping between account names and security id’s was done.

What I was hoping to do is to create a group policy to block users from accessing the connections tab of internet explorer. At the moment, we have a proxy enabled but users disable this in connection settings to access internet.

The steps I have taken to create this is:

1)      I’ve created a group called ‘blockusersinternet’. It is a global security group and contains the users I require to block internet access to.
2)      Next, I opened the GPMC. Right clicked on group ‘blockinternetaccess’ and created and link a gpo.
3)      In this group, I removed ‘Authenticated users’ and added the ‘blockusersinternet’ group.
4)      After this, I edited the gpo to disable the connections page in internet explorer.
5)      I ran gpupdate /force on the server.
6)      I’ve checked this on a machine as the user I hoped to block, but they still have access to connections page in internet explorer. I’ve done log off, restarts etc.
7)      I’ve ran a group policy modelling wizard, but while it lists the user as a member of the ‘blockusersinternet’ group, it doesn’t list the gpo to block internet access in either applied or denied gpo’s.
8)      At the moment, there is only a default group policy that applies to all users. This appears to work.
9)      I’ve tried creating a similar policy at another location and here it worked.

I’ve had a look at the event viewer and am getting the following message:

Security policies where propagated with warning 0x534. No mapping between account names and security id’s was done.

The particular group that I’m applying this to has only a single user. It was added with the ‘check names’ functionality so should be correct. User can log in and access domain.
Who is Participating?
collie3Connect With a Mentor Author Commented:
Solved this. What I was doing was linking this to a Group. When I linked it to the domain, the policy was applied.
Have you seen this?
and a similar problem here?
and here?
They seem to have the 534 error and relates to a user.
Have you tried creating a new user and replicate the persons account on the new user and see if it does what it should do on a new user account?
That's what I'd do first.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.