John Caspary
asked on
GP works only if "Domain Computers" is included
Is something wrong with the Domain or the setup? I’m setting up security groups for the GPs and they’ll only work if I include “Domain Computers”. These are User Policies. Please see picture.
Pic.jpg
Pic.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The default is: "authenticated users" has the read and apply privilege. So if you don't want anyone to apply that policy, just take away "apply" from "authenticated users". That group includes the group "domain computers", so that "domain computers" will not need to be dealt with.
Fort a better fix, look at this: https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/ (translate it from german if needed). It describes how to change the default security descriptor of the GPO which would mean less work for you in the future.
Fort a better fix, look at this: https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/ (translate it from german if needed). It describes how to change the default security descriptor of the GPO which would mean less work for you in the future.
ASKER