IT Employment

General discussion

Locked

Security Filtering in Group Policy

By stnkmstr ·
I am having an issue when using Security Filtering in group policy that is pertaining to computer accounts in a security group. My current situation is as follows:

-Created a GPO for rolling out SUS configs
-Created a security global group called Hotfix and gave this group Read and Apply group policy rights to the GPO
-Removed the Authenticated Users group from the DACL on the GPO
-Added the computer objects that I wanted to apply the SUS configs to, into the Hotfix security group
-Linked this GPO to the OU that contained the server computer objects that I want to roll out his fix to
AD Setup:
-Domain is in mixed mode.
-We have prepped the forest with the 2k3 schema mods.
-We have a mix of Win2k3 and Win2k domain controllers
The problem is that under this setup, the computer objects aren't recieving the updates that I configured in the GPO. When I use RSoP to view the GPO processing on one of these boxes, the Hotfix GPO is showing up as a Denied (Security Filtering). Now, this is strange to me because I'm not explicitly denying rights to ANY object on this GPO. And to make it more interesting, if I do away with the security group, and just add a single computer object to the DACL (giving the object Read and Apply group policy rights), then it works fine. I guess my question is:
-Has anyone seen a problem with computer objects in security groups, and assigning permissions to a group? I've done this before in 2000 with rolling out service packs and it worked fine there. Any suggestions would be greatly appreciated!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Same Issue

by bdorminy In reply to Security Filtering in Gro ...

I am having a similar issue. We recently changed the domain name f our 2k3 domain. A GPO was created to change the XP workstations to the new domain and now some work and some do not. running gpresult tels me
domain name
Filtering: Denied (Security)

Any help here would be greatly appreciated

Related Discussions

Related Forums