GPO Security Filternig

nicholasshumeyko9696 · 2016-02-18T17:47:13.000Z

Hi All,

I’m having some trouble trying to use group policy security filtering. My GPO applies properly when applied to an OU that contains Server A. I made a security group in AD, add Server A to the group, and remove “Authenticated Users” from the security filtering section of the GPO Scope tab. I then add the new security group to the security filtering section in place of “Authenticated Users”.

Once I do this my GPO no longer applies to Server A. I even tried moving the security group into the same OU as Server A (the same OU the GPO is linked to), and it still did not work. I checked the permissions on the security group and both read and apply group policy were assigned.

If I explicitly add the server to the security filtering pane, the GPO is applied as expected. So something is going wrong with the group membership, but I’m not sure what it it would be. Any suggestions?

nicholasshumeyko9696 · 2016-02-18T18:07:13.000Z

To summarize:

This works:
OU contains computer account
Group contains computer account
GPO applied to OU
Security filtering on GPO set to Authenticated Users, or set to computer account (either works)

This does not work:
OU contains computer account
Group contains computer account
GPO applied to OU
Security filtering on GPO set to Group

nicholasshumeyko9696 · 2016-02-18T18:46:41.000Z

Well, I followed the cardinal rule of IT, and tried turning it off again. It appears group membership doesn’t apply for computer accounts until reboot. Should’ve thought of that sooner but all is well now.

tahin · 2016-02-18T19:27:40.000Z

nshumeyko:

Well, I followed the cardinal rule of IT, and tried turning it off again. It appears group membership doesn’t apply for computer accounts until reboot. Should’ve thought of that sooner but all is well now.

Yep this. Glad you got it figured out!