<div>
No and it doesnt apply the GPO when I logon as a domain admin either.&nbsp;
</div>


No and it doesnt apply the GPO when I logon as a domain admin either. 

<div>
Can you list the GPO ACL, please?<br />
<a href="https://docs.microsoft.com/en-us/powershell/module/grouppolicy/get-gppermission?view=windowsserver2022-ps" rel="ugc">https://docs.microsoft.com/en-us/powershell/module/grouppolicy/get-gppermission?view=windowsserver2022-ps</a>
</div>


Can you list the GPO ACL, please?
https://docs.microsoft.com/en-us/powershell/module/grouppolicy/get-gppermission?view=windowsserver2022-ps [https://docs.microsoft.com/en-us/powershell/module/grouppolicy/get-gppermission?view=windowsserver2022-ps]

<div>
Looks good <br />
Please verify if replication is running between DCs. This access denial can be a result of an NTFRS journal wrap. That would manifest in the DC event log (check each DC) like this: FRS Event ID 13568
</div>


Looks good
Please verify if replication is running between DCs. This access denial can be a result of an NTFRS journal wrap. That would manifest in the DC event log (check each DC) like this: FRS Event ID 13568

<div>
Ok. And where does it say &quot;access denied&quot;? In gpresult?
</div>


Ok. And where does it say "access denied"? In gpresult?

<div>
Funny. You could remove the server from the domain and join it again for a test.<br />
And also use procmon while doing a gpupdate /force on an elevated command prompt and filter for &quot;access denied&quot; to see what happens.
</div>


Funny. You could remove the server from the domain and join it again for a test.
And also use procmon while doing a gpupdate /force on an elevated command prompt and filter for "access denied" to see what happens.

<div>
I was looking at gpresult info this morning and I noticed that the GPO in question does apply to computer settings and only fails on user settings.&nbsp;
</div>


I was looking at gpresult info this morning and I noticed that the GPO in question does apply to computer settings and only fails on user settings. 

<div>
Is that GPO attached to an OU with users? Else, with computers, user settings cannot apply, anyway.
</div>


Is that GPO attached to an OU with users? Else, with computers, user settings cannot apply, anyway.

<div>
Its applied to a OU with the RDS servers in it not applied to a user OU. I should have checked this yesterday but I didnt, I have 3 RDS servers and only 1 is having this issue with the GPO the other 2 are applying the user settings with no issues. All 3 servers are in the same OU
</div>


Its applied to a OU with the RDS servers in it not applied to a user OU. I should have checked this yesterday but I didnt, I have 3 RDS servers and only 1 is having this issue with the GPO the other 2 are applying the user settings with no issues. All 3 servers are in the same OU

Network Admin

Mark

<div>
I had tried gpupdate previous to opening this ticket. And your correct I fd the setting location and I will move it an
</div>


I had tried gpupdate previous to opening this ticket. And your correct I fd the setting location and I will move it an

<div>
<div class="content wysiwyg-content fr-view">
<p>Im having a GPO fail applying with this error "Access Denied (Security Filtering). This was an existing GPO that I added a couple of things to, compatibility view for IE and trusted sites. Both of these setting had sites in there so I just added to them. I checked permissions and authenticated users have read and apply group policy permissions. The servers (RDS) that Im attempting to apply this GPO to has been rebooted also. My hunch is it was failing for a while I cant see how the settings I added caused the issue. Servers are running 2016.&nbsp; Any ideas on how to resolve this?&nbsp;</p>
</div>
</div>



Im having a GPO fail applying with this error "Access Denied (Security Filtering). This was an existing GPO that I added a couple of things to, compatibility view for IE and trusted sites. Both of these setting had sites in there so I just added to them. I checked permissions and authenticated users have read and apply group policy permissions. The servers (RDS) that Im attempting to apply this GPO to has been rebooted also. My hunch is it was failing for a while I cant see how the settings I added caused the issue. Servers are running 2016.  Any ideas on how to resolve this? 

GPO error Access Denied (Security Filtering)

Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 7, Windows 8.1, Windows 10, and Windows Server 2003+) that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy (LGPO or LocalGPO) allows Group Policy Object management without Active Directory on standalone computers.

Group Policy

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.

Windows Server 2016

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.