[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 702
  • Last Modified:

Computer group in Security Filtering of GPO won't work

This is driving me nuts. I have a GPO I want to apply to specific computers. I have created an AD Global group with these computers added as members. I add this group to the security filtering section of the SUS policy I created, removed Authenticated Users and I rebooted my Windows 7 computer and it won't take effect. IF I put the computer object in the AD container where the GPO is linked....it works no problem. The computer objects that I need to move are already in another container with another GPO applied to it which is why I thought a group in Security Filtering would work nicely.
Am I doing something wrong? Your thoughts would be appreciated.

Thanks,
BW
0
bwinkworth
Asked:
bwinkworth
1 Solution
 
Mike KlineCommented:
The computer object has to be in the OU (or child/sub OU) where that GPO is linked if you want the settings to apply to it.
So since you are using security filtering you can also just link the policy at the domain level and then it will only apply to the members of the group.
SO if you have   OU_A  and OU_B and your computer is in OU_B and the GPO is linked at A (these are not parent/child in this example) then the policy will never apply to the machine regardless of the filter.
 
Thanks
Mike
0
 
bwinkworthAuthor Commented:
Thanks a lot Mike!
Now it makes sense. I relinked the policy in the domain area and the security filtering works now.

BW
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now