Mauro Cazabonnet
asked on
Windows Group Policy Security filtering remove authenticated users
Hello,
Looking for an alternative to this
Setting the permissionLevel to none is generating a prompt for confirmation which causes issues with automation
Any help much appreciated
Looking for an alternative to this
set-gppermissions -Name $Name -TargetName $TargetName -TargetType $TargetType -PermissionLevel $PermissionLevel -Domain $Domain -ErrorAction Stop
Setting the permissionLevel to none is generating a prompt for confirmation which causes issues with automation
Any help much appreciated
Could you provide what it is you are trying to do versus posting something that needs to be interpreted to what you are trying to do?
ASKER
Need to remove authenticated users from group policy security filtering
are you sure the prompt is not a UAC rights elevation prompt for alterations you are making?
try running cmd as administrator, then run powershell in the elevated command window....
try running cmd as administrator, then run powershell in the elevated command window....
ASKER
group policy cmdlet set-gppermissions is generating a prompt Y(yes) S(Suspend) or N(no) when permissionlevel is set to none
Not a UAC thing
Not a UAC thing
Set-GPPermission -Name $Name -TargetName $TargetName -TargetType $TargetType -PermissionLevel $PermissionLevel -Domain $Domain -ErrorAction Stop -Confirm:$false
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just interested: on what server OS is -confirm:$false not working?
ASKER
Closing......
ASKER
It is Windows Server 2012 R2 Standard with PS 5.0
Ok. I have a theory: the patch that "broke" this is trying to prevent that you do this for a simple reason: security filtering on user policies will not work anymore unless we still assign read permissions to authenticated users (or to the group domain computers), since MS has changed the way that user policies are processed. That would mean, you are modifying a user policy - are you? If so, don't remove read access for "authenticated users", just remove the "apply GPO" privilege.
ASKER
McKnife sorry for the delayed response
I'll review this week and see how it goes
I'll keep ya posted
M
I'll review this week and see how it goes
I'll keep ya posted
M