Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

The following GPOs were not applied because they were filtered out

Posted on 2012-03-23
4
Medium Priority
?
3,422 Views
Last Modified: 2012-04-19
I have over a dozen existing group policies in my network that work fine. I just created a new one for Windows Update settings on the computers. I've edited the Computer settings in the GP, and added the Domain Computers group and another I created (WSUS-Workstations) to the Security Filtering section. I've linked it to the OU.

Even after running gpupdate and rebooting a test system that is a member of both groups several times, the group policy is not applied.

The message is "The following GPOs were not applied because they were filtered out" and
"WSUS-workstations
    Filtering:  Denied (Security)"

I do not understand why I would get a security denial when I've added both groups to the Security Filtering.
0
Comment
Question by:SKpollyanna
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37758408
It sounds like you have it setup right.  In the advanced settings in the ACL check for any deny entries.

Then I'd maybe take one of the groups out of the filter, run the rsop again, see if there is one group that is having issues.  Start with just the WSUS group.
0
 
LVL 11

Accepted Solution

by:
X_layer earned 2000 total points
ID: 37761492
Try this:
1. Create a computer OU.
2. Create a GPO with the three policy settings defined. Link the GPO to the computer OU.
3. Under Security Filter for the GPO, remove Authentic Users from the list, add the computers and users you want the GPO to apply to.
0
 
LVL 41

Expert Comment

by:footech
ID: 37761559
You may want to check under "Security Group Membership when Group Policy was applied" for the gpresults to verify which groups the computer thinks it is a member of.
0
 

Author Closing Comment

by:SKpollyanna
ID: 37865764
Thank you. I will try this.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question