Solved

Windows 2008 GPO Denied Security Error

Posted on 2013-10-23
6
725 Views
Last Modified: 2013-10-31
Hello,
Here are the basics:
Windows 2008 R2 Server, Windows 7 workstation, Group Policy Management, User Configuration>Policies>Internet Explorer Maintenance

-I have created 2 security groups in AD. One for Computers, One for Users
-I have created a new GPO to set a local policy on the windows 7 workstations under computer configuration (works fine) and user policy to add browser configurations (does not work). I changed the names of the actual domain to DOMAIN in the error log and blacked it out in the attached pic of the GPO Settings. Under delegation the WDS Security Group has read and AGP allowed. This is being tested on 1 workstation and one user only. I have tried recreating this. Same results. Verified everything I think I can verify. Same results. There was an older proxy policy removed and no longer in user however on the workstation when running gpresult I still see the user results as the old policy name and the old policy settings although the policy is no longer in place at all as you can see from attached picture.  Thanks in advance. I have scoured the internet and tried many different things. Any help would be appreciated.

from the error log
The following Group Policy objects were not applicable because they were filtered out :

Local Group Policy
      Not Applied (Empty)
WDS Test
      Denied (Security)
Details:
DescriptionString Local Group Policy Not Applied (Empty) WDS Test Denied (Security)  
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>0</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}"><Name>WDS Test</Name><Version>-65535</Version><SOM>LDAP://DC=DOMAIN,DC=com</SOM><FSPath>\\DOMAIN.com\SysVol\DOMIAN.com\Policies\{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}\Machine</FSPath><Reason>DENIED-SECURITY</Reason></GPO>
gposettings.jpg
0
Comment
Question by:jsgould
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 
LVL 12

Expert Comment

by:Sommerblink
ID: 39600425
Have you tried splitting the policy into two policies? One with the computer-side policies (disable the user side of the GP) and the computer group as a security filter and another policy with the user-side policies (and disable the computer side of the GP) with the user group as the security filter?

As far as I know, if the security filter fails any of the groups, the whole GPO fails.
0
 

Author Comment

by:jsgould
ID: 39600449
ok i'll try that and see.
0
 

Author Comment

by:jsgould
ID: 39601375
that didn't do anything. Question I have 2 windows 2008 servers. both with GPO loaded. First should it be loaded on both servers and for some reason one server has Internet explorer maintenance under user windows settings and the other server does not have it? could this be causing the problem? would it matter if i removed gpo from one of the servers?
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:jsgould
ID: 39603071
Well i think i have found the issue and it's ie10 related although I think there needs to be a change or addition somewhere. I need to use GPP but when I goto Internet Settings>new> I only have options for for ie8 and below Ie9 and IE 10 are not listed. I have tried downloading the templates for ie 9 and ie10 and following the instructions (  for example http://www.microsoft.com/en-us/download/details.aspx?id=8386)  I get nothing still just ie 8.
0
 

Accepted Solution

by:
jsgould earned 0 total points
ID: 39603115
I found another solution. I use a registry edit from GPP on the client station. Makes everything easier.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable, ProxyServer and ProxyOverride, AutoConfigURL
0
 

Author Closing Comment

by:jsgould
ID: 39613561
I wasn't getting answers and many people had this issue, So I found another source and it works well
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Change Exchange 2010 Namespace 6 69
Dual Boot Ubuntu and Windows 7 Issue 5 59
Windows 10 Virtual Machine Backup 9 71
Missing Dac32.dll for Avid Media Composer 1 32
This article explains how to install and use the NTBackup utility that comes with Windows Server.
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question