Solved

Folder Redirection GPO Not Applying

Posted on 2016-09-22
3
29 Views
Last Modified: 2016-09-23
I have a gpo for folder redirection on our server running 2012 r2 standard.  It is set to apply to an AD group called "folder redirection users".  It has been working fine for the past few months, but the last week or so none of the PC's show it applied when I run rsop,msc.  If I look at user configuration properties the GPO says "filtering not applied (unknown error)"
0
Comment
Question by:DenTechCO
  • 2
3 Comments
 
LVL 5

Expert Comment

by:sAMAccountName
ID: 41811028
Try running
gpresult /h output.htm

Open in new window

on one of the computers that should be applying the policy.  Make sure you run it from an administrator prompt.

That will create an output file (Open it in internet explorer and enable the active x controls when prompted).  There should be detailed information on what was applied, filtered denied etc...

(IMO) GPResult directly on the host will provide more accurate and detailed error information
0
 

Author Comment

by:DenTechCO
ID: 41811075
So it's definitely a security filtering issue.  The gpresult shows a message "access denied: security filtering"  I have verified the group it applies to has read and apply policy permissions.  I have also tested creating a new group and applying it to that one with the same results.
0
 
LVL 5

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41811213
OK...  In the output file, there should be a section which shows what groups the computer was a member of...  Make sure your security group is listed there.  Group membership for computers is a little different for users...  The token which contains the membership is updated much more slowly.  If you added the computer recently, the computer may not have the membership in the token and thus cant read the policy.  

You can restart the server to immeidately update group membership or you can use klist to purge the kerberos tickets and force it without a restart:

Update servers group membership
0

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now