I have over a dozen existing group policies in my network that work fine. I just created a new one for Windows Update settings on the computers. I've edited the Computer settings in the GP, and added the Domain Computers group and another I created (WSUS-Workstations) to the Security Filtering section. I've linked it to the OU.
Even after running gpupdate and rebooting a test system that is a member of both groups several times, the group policy is not applied.
The message is "The following GPOs were not applied because they were filtered out" and
Filtering: Denied (Security)"
I do not understand why I would get a security denial when I've added both groups to the Security Filtering.