Solved

GPO not accessible issue

Posted on 2014-01-03
6
884 Views
Last Modified: 2014-02-03
I am having an issue with a GPO not executing as expected (it's a pretty simple drive mapping policy but anyhow I guess the content itself is irrelevant).

Using the "GPO modeling" wizard I see that said GPO is not executing because it has a denied access (security filtering) issue.

I muss confess I can't figure out why it would not be readable in this context (user / machine).

Is there any way to explicitly find out what mechanism is blocking this GPO ?

Thanks for any pointer / advice in the matter (this is w2k8 domain)
0
Comment
Question by:atak2983
  • 2
  • 2
  • 2
6 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39753397
Sounds like the wizard has already given you the problem. None of the security groups associated with the policy have the AD object you want to apply as a member. A WMI filter issue would report differently.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39753482
Those users \ computers to whom you wanted to apply GPO through security filtering must need to be in same OU \ sub OU in the hierarchy as GPO, meaning it will not work if the OU on which you applied GPO is different from OU that contains actual user\computer

I think that is the issue here

Mahesh
0
 
LVL 1

Author Comment

by:atak2983
ID: 39755762
thanks for your input

> Those users \ computers to whom you wanted to apply GPO through security
> filtering must need to be in same OU \ sub OU in the hierarchy as GPO, meaning
> it will not work if the OU on which you applied GPO is different from OU that
> contains actual user\computer

I confirm that both the intended users and the GPO are in the same OU

> None of the security groups associated with the policy have the AD object you want
> to apply as a member. A WMI filter issue would report differently.

Not sure I understand your point. Here is what I have

OU = myComp

in said OU I have a group - say gTargetGPO with some user of the OU

I also have a GPO under myComp. I have set it apply to gTargetGPO.

What am I missing ?!
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 36

Expert Comment

by:Mahesh
ID: 39755771
Not sure if this is orphaned GPOs issue
please download PowerShell script in below link and find orphaned GPOs
http://www.jhouseconsulting.com/2012/09/03/finding-orphaned-group-policy-objects-807
Just remove those orphaned GPOs and check if now GPOs are applying correctly

Check below thread for complete information
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309861.html

Mahesh
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39756069
OUs are not security groups. Group policies can have security group filters applied and the error you posted occurs if the filter does not include your user or computer. Here is a technet on changing a policy's security filter.

http://technet.microsoft.com/en-us/library/cc779291(v=WS.10).aspx
0
 
LVL 1

Author Closing Comment

by:atak2983
ID: 39829388
Thanks for clarifying
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Why does my public IP keep changing? 6 64
moving away from .local domain 5 28
EXCHANGE, ACTIVE DIRECTORY 1 32
Application Crash 2 23
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question