Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

The following GPOs were not applied because they were filtered out

Posted on 2012-03-23
4
Medium Priority
?
3,296 Views
Last Modified: 2012-04-19
I have over a dozen existing group policies in my network that work fine. I just created a new one for Windows Update settings on the computers. I've edited the Computer settings in the GP, and added the Domain Computers group and another I created (WSUS-Workstations) to the Security Filtering section. I've linked it to the OU.

Even after running gpupdate and rebooting a test system that is a member of both groups several times, the group policy is not applied.

The message is "The following GPOs were not applied because they were filtered out" and
"WSUS-workstations
    Filtering:  Denied (Security)"

I do not understand why I would get a security denial when I've added both groups to the Security Filtering.
0
Comment
Question by:SKpollyanna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37758408
It sounds like you have it setup right.  In the advanced settings in the ACL check for any deny entries.

Then I'd maybe take one of the groups out of the filter, run the rsop again, see if there is one group that is having issues.  Start with just the WSUS group.
0
 
LVL 11

Accepted Solution

by:
X_layer earned 2000 total points
ID: 37761492
Try this:
1. Create a computer OU.
2. Create a GPO with the three policy settings defined. Link the GPO to the computer OU.
3. Under Security Filter for the GPO, remove Authentic Users from the list, add the computers and users you want the GPO to apply to.
0
 
LVL 41

Expert Comment

by:footech
ID: 37761559
You may want to check under "Security Group Membership when Group Policy was applied" for the gpresults to verify which groups the computer thinks it is a member of.
0
 

Author Closing Comment

by:SKpollyanna
ID: 37865764
Thank you. I will try this.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question