Solved

Folder Redirection GPO Not Applying

Posted on 2016-09-22
Last Modified: 2016-09-23
I have a GPO for folder redirection on our server running 2012 R2 Standard. It is set to apply to an AD group called "folder redirection users". It has been working fine for the past few months, but the last week or so none of the PCs show it applied when I run rsop.msc. If I look at user configuration properties the GPO says "filtering not applied (unknown error)".
Question by:DenTechCO
3 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41811028
Try running
gpresult /h output.htm


on one of the computers that should be applying the policy.  Make sure you run it from an administrator prompt.

That will create an output file (open it in Internet Explorer and enable the ActiveX controls when prompted). There should be detailed information on what was applied, filtered, denied, etc.

(IMO) GPResult directly on the host will provide more accurate and detailed error information.
 

Author Comment

by:DenTechCO
ID: 41811075
So it's definitely a security filtering issue. The gpresult shows a message "access denied: security filtering". I have verified the group it applies to has read and apply policy permissions. I have also tested creating a new group and applying it to that one with the same results.
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41811213
OK... In the output file, there should be a section which shows what groups the computer was a member of... Make sure your security group is listed there. Group membership for computers is a little different for users... The token which contains the membership is updated much more slowly. If you added the computer recently, the computer may not have the membership in the token and thus can't read the policy.

You can restart the server to immediately update group membership or you can use klist to purge the Kerberos tickets and force it without a restart:

Update servers group membership
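
The check and the no-restart refresh described in the accepted solution, as an added PowerShell example that is not part of the original thread. The group name is a placeholder, and the script assumes the gpresult XML report lists the computer's groups as ComputerResults/SecurityGroup/Name elements.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder (assumption): the group used in the GPO's security filtering.
    [string]$Group = 'EXAMPLE\GPO-Filter-Group'
)

function Test-ComputerTokenGroup {
    param([string]$Name)
    # gpresult /x writes the RSoP report as XML; /f overwrites an existing file.
    $xmlPath = Join-Path $env:TEMP 'gpresult-computer.xml'
    gpresult /scope computer /x $xmlPath /f | Out-Null
    # Match on local-name() so the report's XML namespaces do not matter.
    $xpath = "//*[local-name()='ComputerResults']" +
             "/*[local-name()='SecurityGroup']/*[local-name()='Name']"
    $groups = Select-Xml -Path $xmlPath -XPath $xpath |
        ForEach-Object { $_.Node.InnerText }
    # -contains compares case-insensitively, like group names themselves.
    return $groups -contains $Name
}

if (Test-ComputerTokenGroup -Name $Group) {
    "Computer token already lists $Group; the filter is failing for another reason."
    return
}

"Computer token does not list $Group; purging the computer's Kerberos tickets."
# 0x3e7 is the logon session of the local SYSTEM (computer) account.
klist -li 0x3e7 purge
# Re-run computer policy so it is evaluated with freshly issued tickets.
gpupdate /target:computer /force

if (Test-ComputerTokenGroup -Name $Group) {
    "Token now lists $Group."
} else {
    "Still missing: confirm the computer account is a member of $Group in AD."
}
```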
Question has a verified solution.