Solved

The following GPOs were not applied because they were filtered out

Posted on 2012-03-23
4
2,649 Views
Last Modified: 2012-04-19
I have over a dozen existing group policies in my network that work fine. I just created a new one for Windows Update settings on the computers. I've edited the Computer settings in the GP, and added the Domain Computers group and another I created (WSUS-Workstations) to the Security Filtering section. I've linked it to the OU.

Even after running gpupdate and rebooting a test system that is a member of both groups several times, the group policy is not applied.

The message is "The following GPOs were not applied because they were filtered out" and
"WSUS-workstations
    Filtering:  Denied (Security)"

I do not understand why I would get a security denial when I've added both groups to the Security Filtering.
0
Comment
Question by:SKpollyanna
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37758408
It sounds like you have it setup right.  In the advanced settings in the ACL check for any deny entries.

Then I'd maybe take one of the groups out of the filter, run the rsop again, see if there is one group that is having issues.  Start with just the WSUS group.
0
 
LVL 11

Accepted Solution

by:
X_layer earned 500 total points
ID: 37761492
Try this:
1. Create a computer OU.
2. Create a GPO with the three policy settings defined. Link the GPO to the computer OU.
3. Under Security Filter for the GPO, remove Authentic Users from the list, add the computers and users you want the GPO to apply to.
0
 
LVL 39

Expert Comment

by:footech
ID: 37761559
You may want to check under "Security Group Membership when Group Policy was applied" for the gpresults to verify which groups the computer thinks it is a member of.
0
 

Author Closing Comment

by:SKpollyanna
ID: 37865764
Thank you. I will try this.
0

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now