Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Computer group in Security Filtering of GPO won't work

Posted on 2010-09-01
2
Medium Priority
?
698 Views
Last Modified: 2012-05-10
This is driving me nuts. I have a GPO I want to apply to specific computers. I have created an AD Global group with these computers added as members. I add this group to the security filtering section of the SUS policy I created, removed Authenticated Users and I rebooted my Windows 7 computer and it won't take effect. IF I put the computer object in the AD container where the GPO is linked....it works no problem. The computer objects that I need to move are already in another container with another GPO applied to it which is why I thought a group in Security Filtering would work nicely.
Am I doing something wrong? Your thoughts would be appreciated.

Thanks,
BW
0
Comment
Question by:bwinkworth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 33581245
The computer object has to be in the OU (or child/sub OU) where that GPO is linked if you want the settings to apply to it.
So since you are using security filtering you can also just link the policy at the domain level and then it will only apply to the members of the group.
SO if you have   OU_A  and OU_B and your computer is in OU_B and the GPO is linked at A (these are not parent/child in this example) then the policy will never apply to the machine regardless of the filter.
 
Thanks
Mike
0
 

Author Closing Comment

by:bwinkworth
ID: 33587927
Thanks a lot Mike!
Now it makes sense. I relinked the policy in the domain area and the security filtering works now.

BW
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question