General discussion

Locked

Security Filtering in Group Policy

By stnkmstr ·
I am having an issue when using Security Filtering in group policy that is pertaining to computer accounts in a security group. My current situation is as follows:

-Created a GPO for rolling out SUS configs
-Created a security global group called Hotfix and gave this group Read and Apply group policy rights to the GPO
-Removed the Authenticated Users group from the DACL on the GPO
-Added the computer objects that I wanted to apply the SUS configs to, into the Hotfix security group
-Linked this GPO to the OU that contained the server computer objects that I want to roll out his fix to
AD Setup:
-Domain is in mixed mode.
-We have prepped the forest with the 2k3 schema mods.
-We have a mix of Win2k3 and Win2k domain controllers
The problem is that under this setup, the computer objects aren't recieving the updates that I configured in the GPO. When I use RSoP to view the GPO processing on one of these boxes, the Hotfix GPO is showing up as a Denied (Security Filtering). Now, this is strange to me because I'm not explicitly denying rights to ANY object on this GPO. And to make it more interesting, if I do away with the security group, and just add a single computer object to the DACL (giving the object Read and Apply group policy rights), then it works fine. I guess my question is:
-Has anyone seen a problem with computer objects in security groups, and assigning permissions to a group? I've done this before in 2000 with rolling out service packs and it worked fine there. Any suggestions would be greatly appreciated!

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Same Issue

by bdorminy In reply to Security Filtering in Gro ...

I am having a similar issue. We recently changed the domain name f our 2k3 domain. A GPO was created to change the XP workstations to the new domain and now some work and some do not. running gpresult tels me
domain name
Filtering: Denied (Security)

Any help here would be greatly appreciated

Back to IT Employment Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums