Solved

Folder Redirection GPO Not Applying

Posted on 2016-09-22
3
56 Views
Last Modified: 2016-09-23
I have a gpo for folder redirection on our server running 2012 r2 standard.  It is set to apply to an AD group called "folder redirection users".  It has been working fine for the past few months, but the last week or so none of the PC's show it applied when I run rsop,msc.  If I look at user configuration properties the GPO says "filtering not applied (unknown error)"
0
Comment
Question by:DenTechCO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41811028
Try running
gpresult /h output.htm

Open in new window

on one of the computers that should be applying the policy.  Make sure you run it from an administrator prompt.

That will create an output file (Open it in internet explorer and enable the active x controls when prompted).  There should be detailed information on what was applied, filtered denied etc...

(IMO) GPResult directly on the host will provide more accurate and detailed error information
0
 

Author Comment

by:DenTechCO
ID: 41811075
So it's definitely a security filtering issue.  The gpresult shows a message "access denied: security filtering"  I have verified the group it applies to has read and apply policy permissions.  I have also tested creating a new group and applying it to that one with the same results.
0
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41811213
OK...  In the output file, there should be a section which shows what groups the computer was a member of...  Make sure your security group is listed there.  Group membership for computers is a little different for users...  The token which contains the membership is updated much more slowly.  If you added the computer recently, the computer may not have the membership in the token and thus cant read the policy.  

You can restart the server to immeidately update group membership or you can use klist to purge the kerberos tickets and force it without a restart:

Update servers group membership
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question