Solved

Folder Redirection GPO Not Applying

Posted on 2016-09-22
3
34 Views
Last Modified: 2016-09-23
I have a gpo for folder redirection on our server running 2012 r2 standard.  It is set to apply to an AD group called "folder redirection users".  It has been working fine for the past few months, but the last week or so none of the PC's show it applied when I run rsop,msc.  If I look at user configuration properties the GPO says "filtering not applied (unknown error)"
0
Comment
Question by:DenTechCO
  • 2
3 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41811028
Try running
gpresult /h output.htm

Open in new window

on one of the computers that should be applying the policy.  Make sure you run it from an administrator prompt.

That will create an output file (Open it in internet explorer and enable the active x controls when prompted).  There should be detailed information on what was applied, filtered denied etc...

(IMO) GPResult directly on the host will provide more accurate and detailed error information
0
 

Author Comment

by:DenTechCO
ID: 41811075
So it's definitely a security filtering issue.  The gpresult shows a message "access denied: security filtering"  I have verified the group it applies to has read and apply policy permissions.  I have also tested creating a new group and applying it to that one with the same results.
0
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41811213
OK...  In the output file, there should be a section which shows what groups the computer was a member of...  Make sure your security group is listed there.  Group membership for computers is a little different for users...  The token which contains the membership is updated much more slowly.  If you added the computer recently, the computer may not have the membership in the token and thus cant read the policy.  

You can restart the server to immeidately update group membership or you can use klist to purge the kerberos tickets and force it without a restart:

Update servers group membership
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now