Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

GPO not accessible issue

Posted on 2014-01-03
6
904 Views
Last Modified: 2014-02-03
I am having an issue with a GPO not executing as expected (it's a pretty simple drive mapping policy but anyhow I guess the content itself is irrelevant).

Using the "GPO modeling" wizard I see that said GPO is not executing because it has a denied access (security filtering) issue.

I muss confess I can't figure out why it would not be readable in this context (user / machine).

Is there any way to explicitly find out what mechanism is blocking this GPO ?

Thanks for any pointer / advice in the matter (this is w2k8 domain)
0
Comment
Question by:atak2983
  • 2
  • 2
  • 2
6 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39753397
Sounds like the wizard has already given you the problem. None of the security groups associated with the policy have the AD object you want to apply as a member. A WMI filter issue would report differently.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39753482
Those users \ computers to whom you wanted to apply GPO through security filtering must need to be in same OU \ sub OU in the hierarchy as GPO, meaning it will not work if the OU on which you applied GPO is different from OU that contains actual user\computer

I think that is the issue here

Mahesh
0
 
LVL 1

Author Comment

by:atak2983
ID: 39755762
thanks for your input

> Those users \ computers to whom you wanted to apply GPO through security
> filtering must need to be in same OU \ sub OU in the hierarchy as GPO, meaning
> it will not work if the OU on which you applied GPO is different from OU that
> contains actual user\computer

I confirm that both the intended users and the GPO are in the same OU

> None of the security groups associated with the policy have the AD object you want
> to apply as a member. A WMI filter issue would report differently.

Not sure I understand your point. Here is what I have

OU = myComp

in said OU I have a group - say gTargetGPO with some user of the OU

I also have a GPO under myComp. I have set it apply to gTargetGPO.

What am I missing ?!
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 36

Expert Comment

by:Mahesh
ID: 39755771
Not sure if this is orphaned GPOs issue
please download PowerShell script in below link and find orphaned GPOs
http://www.jhouseconsulting.com/2012/09/03/finding-orphaned-group-policy-objects-807
Just remove those orphaned GPOs and check if now GPOs are applying correctly

Check below thread for complete information
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309861.html

Mahesh
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39756069
OUs are not security groups. Group policies can have security group filters applied and the error you posted occurs if the filter does not include your user or computer. Here is a technet on changing a policy's security filter.

http://technet.microsoft.com/en-us/library/cc779291(v=WS.10).aspx
0
 
LVL 1

Author Closing Comment

by:atak2983
ID: 39829388
Thanks for clarifying
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question