We help IT Professionals succeed at work.

Unable to apply Group Policy due to Filtering:  Denied (Security)

755 Views
Last Modified: 2018-05-24
People,

Can anyone here please assist me in troubleshooting the Group Policy issue where it is showing like the below:
 Apply Outlook Signature (User Policy)
            Filtering:  Denied (Security)

Open in new window


I have done:
1. Added the user to the proper AD security group called "Corporate User" where this group is then added as the Security filtering under the Scope tab.

2. Added the same AD security group called "Corporate User" into the Delegation tab.

But somehow the GPO is not applied successfully and GPresult /R shows: Filtering:  Denied (Security)

Any help would be greatly appreciated.

Thanks,
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
I guess you did remove the "Authenticated Users" from the Security Filtering, so that now only "Corporate User" is left?
Add "Domain Computers" with at least Read permissions to the GPO as well; this is required since the security update KB3163622 (by design, not a bug!).
Details are here:
Deploying Group Policy Security Update MS16-072 \ KB3163622
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
Senior IT System EngineerSenior Systems Engineer
CERTIFIED EXPERT

Author

Commented:
Possibly,
So I guess it can fix this issue not making it any worst?
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Yes, giving the computer account(s) Read access will solve this. Been there, done that.
Senior IT System EngineerSenior Systems Engineer
CERTIFIED EXPERT

Author

Commented:
OK, so for the below Group Policy Object:

For User Policy enabled [Computer Policy disabled] with the Security Filtering, the below must be added as minimal:
AD security group where the user account is residing.
Authenticated Users
Domain Computers
Delegation tab must contain:
AD security group where the user account is residing - Read From Security Filtering
Authenticated Users - Read From Security Filtering
Domain Computers - Read From Security Filtering

what about for the other GPO, Computer Policy enabled [User Policy disabled] with the Security Filtering ?
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
PberSolutions Architect
CERTIFIED EXPERT

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: oBdA (https:#a42279752)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.