• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 767
  • Last Modified:

Windows 2008 GPO Denied Security Error

Hello,
Here are the basics:
Windows 2008 R2 Server, Windows 7 workstation, Group Policy Management, User Configuration>Policies>Internet Explorer Maintenance

-I have created 2 security groups in AD. One for Computers, One for Users
-I have created a new GPO to set a local policy on the windows 7 workstations under computer configuration (works fine) and user policy to add browser configurations (does not work). I changed the names of the actual domain to DOMAIN in the error log and blacked it out in the attached pic of the GPO Settings. Under delegation the WDS Security Group has read and AGP allowed. This is being tested on 1 workstation and one user only. I have tried recreating this. Same results. Verified everything I think I can verify. Same results. There was an older proxy policy removed and no longer in user however on the workstation when running gpresult I still see the user results as the old policy name and the old policy settings although the policy is no longer in place at all as you can see from attached picture.  Thanks in advance. I have scoured the internet and tried many different things. Any help would be appreciated.

from the error log
The following Group Policy objects were not applicable because they were filtered out :

Local Group Policy
      Not Applied (Empty)
WDS Test
      Denied (Security)
Details:
DescriptionString Local Group Policy Not Applied (Empty) WDS Test Denied (Security)  
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>0</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}"><Name>WDS Test</Name><Version>-65535</Version><SOM>LDAP://DC=DOMAIN,DC=com</SOM><FSPath>\\DOMAIN.com\SysVol\DOMIAN.com\Policies\{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}\Machine</FSPath><Reason>DENIED-SECURITY</Reason></GPO>
gposettings.jpg
0
jsgould
Asked:
jsgould
  • 5
1 Solution
 
SommerblinkCommented:
Have you tried splitting the policy into two policies? One with the computer-side policies (disable the user side of the GP) and the computer group as a security filter and another policy with the user-side policies (and disable the computer side of the GP) with the user group as the security filter?

As far as I know, if the security filter fails any of the groups, the whole GPO fails.
0
 
jsgouldAuthor Commented:
ok i'll try that and see.
0
 
jsgouldAuthor Commented:
that didn't do anything. Question I have 2 windows 2008 servers. both with GPO loaded. First should it be loaded on both servers and for some reason one server has Internet explorer maintenance under user windows settings and the other server does not have it? could this be causing the problem? would it matter if i removed gpo from one of the servers?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
jsgouldAuthor Commented:
Well i think i have found the issue and it's ie10 related although I think there needs to be a change or addition somewhere. I need to use GPP but when I goto Internet Settings>new> I only have options for for ie8 and below Ie9 and IE 10 are not listed. I have tried downloading the templates for ie 9 and ie10 and following the instructions (  for example http://www.microsoft.com/en-us/download/details.aspx?id=8386)  I get nothing still just ie 8.
0
 
jsgouldAuthor Commented:
I found another solution. I use a registry edit from GPP on the client station. Makes everything easier.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable, ProxyServer and ProxyOverride, AutoConfigURL
0
 
jsgouldAuthor Commented:
I wasn't getting answers and many people had this issue, So I found another source and it works well
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now