Mauro Cazabonnet

asked on

Windows Group Policy Security filtering remove authenticated users

Hello,
Looking for an alternative to this

set-gppermissions -Name $Name -TargetName $TargetName -TargetType $TargetType -PermissionLevel $PermissionLevel -Domain $Domain -ErrorAction Stop



Setting the permissionLevel to none is generating a prompt for confirmation, which causes issues with automation.

Any help much appreciated
arnold

Could you provide what it is you are trying to do versus posting something that needs to be interpreted to what you are trying to do?
Mauro Cazabonnet
ASKER

Need to remove authenticated users from group policy security filtering.
Are you sure the prompt is not a UAC rights elevation prompt for alterations you are making?
Try running cmd as administrator, then run powershell in the elevated command window....
Group policy cmdlet set-gppermissions is generating a prompt Y(yes) S(Suspend) or N(no) when permissionlevel is set to none.
Not a UAC thing.
oBdA

Set-GPPermission -Name $Name -TargetName $TargetName -TargetType $TargetType -PermissionLevel $PermissionLevel -Domain $Domain -ErrorAction Stop -Confirm:$false


ASKER CERTIFIED SOLUTION
Mauro Cazabonnet
This solution is only available to members.
Just interested: on what server OS is -confirm:$false not working?
Closing......
It is Windows Server 2012 R2 Standard with PS 5.0
Ok. I have a theory: the patch that "broke" this is trying to prevent you from doing this for a simple reason: security filtering on user policies will not work anymore unless we still assign read permissions to authenticated users (or to the group domain computers), since MS has changed the way that user policies are processed. That would mean you are modifying a user policy - are you? If so, don't remove read access for "authenticated users", just remove the "apply GPO" privilege.
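
Added example (not part of the original thread and not any participant's code): one way to script the suggestion above, keeping Read for Authenticated Users and moving Apply to a dedicated filter group, without confirmation prompts. The function name Set-GpoSecurityFilter and the sample GPO and group names are hypothetical, and the English built-in name 'Authenticated Users' is assumed.

```powershell
# Added example; Set-GpoSecurityFilter is a hypothetical helper, not a built-in cmdlet.
Import-Module GroupPolicy -ErrorAction Stop

function Set-GpoSecurityFilter {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,         # GPO display name
        [Parameter(Mandatory)][string]$FilterGroup,  # group the GPO should apply to
        [string]$Domain = $env:USERDNSDOMAIN         # assumption: current user's domain
    )

    # Assumption: English name of the well-known principal (SID S-1-5-11).
    $authUsers = 'Authenticated Users'
    $common    = @{ Name = $Name; DomainName = $Domain; ErrorAction = 'Stop' }

    # 1. Give the filter group Read + Apply before touching the default entry.
    if ($PSCmdlet.ShouldProcess($Name, "Grant GpoApply to $FilterGroup")) {
        Set-GPPermission @common -TargetName $FilterGroup -TargetType Group `
            -PermissionLevel GpoApply -Confirm:$false | Out-Null
    }

    # 2. Downgrade Authenticated Users from Apply to Read instead of removing it.
    #    -Replace is needed because GpoRead is lower than the existing GpoApply;
    #    without it the cmdlet leaves the higher permission in place.
    if ($PSCmdlet.ShouldProcess($Name, "Set $authUsers to GpoRead")) {
        Set-GPPermission @common -TargetName $authUsers -TargetType Group `
            -PermissionLevel GpoRead -Replace -Confirm:$false | Out-Null
    }

    # 3. Verify the result so an automated run fails loudly rather than silently.
    $acl   = Get-GPPermission @common -All
    $entry = $acl | Where-Object { $_.Trustee.Name -eq $authUsers }
    if (-not $WhatIfPreference -and $entry.Permission -ne 'GpoRead') {
        throw "GPO '$Name': $authUsers has '$($entry.Permission)', expected GpoRead."
    }

    # Return the resulting ACL for logging.
    $acl | Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Denied
}

# Constructed sample values; run with -WhatIf first to preview the changes.
Set-GpoSecurityFilter -Name 'Example-Policy' -FilterGroup 'GPO-Example-Users' -WhatIf
```
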
McKnife, sorry for the delayed response.
I'll review this week and see how it goes.
I'll keep ya posted.

M