Solved

Windows 2008 GPO Denied Security Error

Posted on 2013-10-23
6
726 Views
Last Modified: 2013-10-31
Hello,
Here are the basics:
Windows 2008 R2 Server, Windows 7 workstation, Group Policy Management, User Configuration>Policies>Internet Explorer Maintenance

-I have created 2 security groups in AD. One for Computers, One for Users
-I have created a new GPO to set a local policy on the windows 7 workstations under computer configuration (works fine) and user policy to add browser configurations (does not work). I changed the names of the actual domain to DOMAIN in the error log and blacked it out in the attached pic of the GPO Settings. Under delegation the WDS Security Group has read and AGP allowed. This is being tested on 1 workstation and one user only. I have tried recreating this. Same results. Verified everything I think I can verify. Same results. There was an older proxy policy removed and no longer in user however on the workstation when running gpresult I still see the user results as the old policy name and the old policy settings although the policy is no longer in place at all as you can see from attached picture.  Thanks in advance. I have scoured the internet and tried many different things. Any help would be appreciated.

from the error log
The following Group Policy objects were not applicable because they were filtered out :

Local Group Policy
      Not Applied (Empty)
WDS Test
      Denied (Security)
Details:
DescriptionString Local Group Policy Not Applied (Empty) WDS Test Denied (Security)  
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>0</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}"><Name>WDS Test</Name><Version>-65535</Version><SOM>LDAP://DC=DOMAIN,DC=com</SOM><FSPath>\\DOMAIN.com\SysVol\DOMIAN.com\Policies\{47DE7E55-B477-45B6-8D6D-CAA3B85F4AFD}\Machine</FSPath><Reason>DENIED-SECURITY</Reason></GPO>
gposettings.jpg
0
Comment
Question by:jsgould
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 
LVL 12

Expert Comment

by:Sommerblink
ID: 39600425
Have you tried splitting the policy into two policies? One with the computer-side policies (disable the user side of the GP) and the computer group as a security filter and another policy with the user-side policies (and disable the computer side of the GP) with the user group as the security filter?

As far as I know, if the security filter fails any of the groups, the whole GPO fails.
0
 

Author Comment

by:jsgould
ID: 39600449
ok i'll try that and see.
0
 

Author Comment

by:jsgould
ID: 39601375
that didn't do anything. Question I have 2 windows 2008 servers. both with GPO loaded. First should it be loaded on both servers and for some reason one server has Internet explorer maintenance under user windows settings and the other server does not have it? could this be causing the problem? would it matter if i removed gpo from one of the servers?
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 

Author Comment

by:jsgould
ID: 39603071
Well i think i have found the issue and it's ie10 related although I think there needs to be a change or addition somewhere. I need to use GPP but when I goto Internet Settings>new> I only have options for for ie8 and below Ie9 and IE 10 are not listed. I have tried downloading the templates for ie 9 and ie10 and following the instructions (  for example http://www.microsoft.com/en-us/download/details.aspx?id=8386)  I get nothing still just ie 8.
0
 

Accepted Solution

by:
jsgould earned 0 total points
ID: 39603115
I found another solution. I use a registry edit from GPP on the client station. Makes everything easier.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable, ProxyServer and ProxyOverride, AutoConfigURL
0
 

Author Closing Comment

by:jsgould
ID: 39613561
I wasn't getting answers and many people had this issue, So I found another source and it works well
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question