troubleshooting Question

Can't apply GPO to computers in a security group

Avatar of Jason Richmond
Jason RichmondFlag for United States of America asked on
SecurityActive Directory* gpos
5 Comments1 Solution192 ViewsLast Modified:
Computer as a member of a domain security group is not having a GPO applied.

Global Security group - SMBv1Disable
Members: about 15 computer accounts

GPO - Disable SMBv1
AUthenticated users - read (but not apply group policy)
Domain admins/Enterprise Admins/System - full control
Domain Computers - read (but not apply group policy)
SMBv1Disable (security group from above) read + apply group policy

I've rebooted a computer that is a member of the SMBv1Disable group
when running gpresult I get an error for my "Disable SMB v1" GPO:  Access Denied (Security Filtering)

I don't understand what I have wrong in my security filtering that is preventing this GPO from being applied.
The GPO is linked to my top level domain.
Security filtering (as indicated above) is SMBv1Disable (the security group)

Any ideas?
Jason Richmond

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros