The following GPOs were not applied because they were filtered out

I have over a dozen existing group policies in my network that work fine. I just created a new one for Windows Update settings on the computers. I've edited the Computer settings in the GP, and added the Domain Computers group and another I created (WSUS-Workstations) to the Security Filtering section. I've linked it to the OU.

Even after running gpupdate and rebooting a test system that is a member of both groups several times, the group policy is not applied.

The message is "The following GPOs were not applied because they were filtered out" and
"WSUS-workstations
    Filtering:  Denied (Security)"

I do not understand why I would get a security denial when I've added both groups to the Security Filtering.
SKpollyannaIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
It sounds like you have it setup right.  In the advanced settings in the ACL check for any deny entries.

Then I'd maybe take one of the groups out of the filter, run the rsop again, see if there is one group that is having issues.  Start with just the WSUS group.
0
X_layerCommented:
Try this:
1. Create a computer OU.
2. Create a GPO with the three policy settings defined. Link the GPO to the computer OU.
3. Under Security Filter for the GPO, remove Authentic Users from the list, add the computers and users you want the GPO to apply to.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
footechCommented:
You may want to check under "Security Group Membership when Group Policy was applied" for the gpresults to verify which groups the computer thinks it is a member of.
0
SKpollyannaIT ManagerAuthor Commented:
Thank you. I will try this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.