Solved

Windows 2008 GPO Denied Security Error

Posted on 2013-10-23
6
723 Views
Last Modified: 2013-10-31
Hello,
Here are the basics:
Windows 2008 R2 Server, Windows 7 workstation, Group Policy Management, User Configuration>Policies>Internet Explorer Maintenance

-I have created 2 security groups in AD. One for Computers, One for Users
-I have created a new GPO to set a local policy on the windows 7 workstations under computer configuration (works fine) and user policy to add browser configurations (does not work). I changed the names of the actual domain to DOMAIN in the error log and blacked it out in the attached pic of the GPO Settings. Under delegation the WDS Security Group has read and AGP allowed. This is being tested on 1 workstation and one user only. I have tried recreating this. Same results. Verified everything I think I can verify. Same results. There was an older proxy policy removed and no longer in user however on the workstation when running gpresult I still see the user results as the old policy name and the old policy settings although the policy is no longer in place at all as you can see from attached picture.  Thanks in advance. I have scoured the internet and tried many different things. Any help would be appreciated.

from the error log
The following Group Policy objects were not applicable because they were filtered out :

Local Group Policy
      Not Applied (Empty)
WDS Test
      Denied (Security)
Details:
DescriptionString Local Group Policy Not Applied (Empty) WDS Test Denied (Security)  
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>0</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}"><Name>WDS Test</Name><Version>-65535</Version><SOM>LDAP://DC=DOMAIN,DC=com</SOM><FSPath>\\DOMAIN.com\SysVol\DOMIAN.com\Policies\{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}\Machine</FSPath><Reason>DENIED-SECURITY</Reason></GPO>
gposettings.jpg
0
Comment
Question by:jsgould
  • 5
6 Comments
 
LVL 12

Expert Comment

by:Sommerblink
ID: 39600425
Have you tried splitting the policy into two policies? One with the computer-side policies (disable the user side of the GP) and the computer group as a security filter and another policy with the user-side policies (and disable the computer side of the GP) with the user group as the security filter?

As far as I know, if the security filter fails any of the groups, the whole GPO fails.
0
 

Author Comment

by:jsgould
ID: 39600449
ok i'll try that and see.
0
 

Author Comment

by:jsgould
ID: 39601375
that didn't do anything. Question I have 2 windows 2008 servers. both with GPO loaded. First should it be loaded on both servers and for some reason one server has Internet explorer maintenance under user windows settings and the other server does not have it? could this be causing the problem? would it matter if i removed gpo from one of the servers?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:jsgould
ID: 39603071
Well i think i have found the issue and it's ie10 related although I think there needs to be a change or addition somewhere. I need to use GPP but when I goto Internet Settings>new> I only have options for for ie8 and below Ie9 and IE 10 are not listed. I have tried downloading the templates for ie 9 and ie10 and following the instructions (  for example http://www.microsoft.com/en-us/download/details.aspx?id=8386)  I get nothing still just ie 8.
0
 

Accepted Solution

by:
jsgould earned 0 total points
ID: 39603115
I found another solution. I use a registry edit from GPP on the client station. Makes everything easier.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable, ProxyServer and ProxyOverride, AutoConfigURL
0
 

Author Closing Comment

by:jsgould
ID: 39613561
I wasn't getting answers and many people had this issue, So I found another source and it works well
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question