Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Computer group in Security Filtering of GPO won't work

Posted on 2010-09-01
2
692 Views
Last Modified: 2012-05-10
This is driving me nuts. I have a GPO I want to apply to specific computers. I have created an AD Global group with these computers added as members. I add this group to the security filtering section of the SUS policy I created, removed Authenticated Users and I rebooted my Windows 7 computer and it won't take effect. IF I put the computer object in the AD container where the GPO is linked....it works no problem. The computer objects that I need to move are already in another container with another GPO applied to it which is why I thought a group in Security Filtering would work nicely.
Am I doing something wrong? Your thoughts would be appreciated.

Thanks,
BW
0
Comment
Question by:bwinkworth
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 33581245
The computer object has to be in the OU (or child/sub OU) where that GPO is linked if you want the settings to apply to it.
So since you are using security filtering you can also just link the policy at the domain level and then it will only apply to the members of the group.
SO if you have   OU_A  and OU_B and your computer is in OU_B and the GPO is linked at A (these are not parent/child in this example) then the policy will never apply to the machine regardless of the filter.
 
Thanks
Mike
0
 

Author Closing Comment

by:bwinkworth
ID: 33587927
Thanks a lot Mike!
Now it makes sense. I relinked the policy in the domain area and the security filtering works now.

BW
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question