I created a GPO to Replace a desktop shortcut.<\/p>\n

\n
• applied the GPO to Test OU with Security filter by adding a $security Group<\/li>\n<\/ul>\n
  

  Advertisement

  Close

  Test OU has got 5 PC and I have added 2 PCs to $Security Group.<\/p>\n

  

  Advertisement

  Close

  Policy worked as expected (replaced the current shortcuts with new link)<\/p>\n

  Problem:<\/p>\n

  When I Link the GPO to Workstation OU which is the Parent OU and then added the certain PC from different department to the Security Group created above.<\/p>\n

  Policy not applied - GPO Access Denied(Security Filtering) - Check the delegate tab all look fine<\/p>\n

  e.g OU Structure below<\/p>\n

  Workstation OU(Parent OU)<\/p>\n

  Dept 1 OU (Sub OUs)<\/p>\n

  Dept 2 OU (Sub OUs)<\/p>\n

  Dept3 OU (Sub OUs)<\/p>\n

  Test OU (Sub OUs)<\/p>\n

  Requires all you valuable inputs<\/p>","upvoteCount":8,"answerCount":8,"datePublished":"2020-10-14T20:55:28.000Z","author":{"@type":"Person","name":"prabhu0408","url":"https://community.spiceworks.com/u/prabhu0408"},"suggestedAnswer":[{"@type":"Answer","text":"

  I created a GPO to Replace a desktop shortcut.<\/p>\n

  \n
  • applied the GPO to Test OU with Security filter by adding a $security Group<\/li>\n<\/ul>\n

    Test OU has got 5 PC and I have added 2 PCs to $Security Group.<\/p>\n

    Policy worked as expected (replaced the current shortcuts with new link)<\/p>\n

    Problem:<\/p>\n

    When I Link the GPO to Workstation OU which is the Parent OU and then added the certain PC from different department to the Security Group created above.<\/p>\n

    Policy not applied - GPO Access Denied(Security Filtering) - Check the delegate tab all look fine<\/p>\n

    e.g OU Structure below<\/p>\n

    Workstation OU(Parent OU)<\/p>\n

    Dept 1 OU (Sub OUs)<\/p>\n

    Dept 2 OU (Sub OUs)<\/p>\n

    Dept3 OU (Sub OUs)<\/p>\n

    Test OU (Sub OUs)<\/p>\n

    Requires all you valuable inputs<\/p>","upvoteCount":8,"datePublished":"2020-10-14T20:55:29.000Z","url":"https://community.spiceworks.com/t/gpo-access-denied-security-filter/778861/1","author":{"@type":"Person","name":"prabhu0408","url":"https://community.spiceworks.com/u/prabhu0408"}},{"@type":"Answer","text":"

    Did you reboot the machines? Were they in contact with the DC when they were rebooted?<\/p>\n

    Group membership is applied on boot for PCs. Sounds like they aren’t a member of your security group yet.<\/p>","upvoteCount":0,"datePublished":"2020-10-14T21:29:37.000Z","url":"https://community.spiceworks.com/t/gpo-access-denied-security-filter/778861/2","author":{"@type":"Person","name":"justin1250","url":"https://community.spiceworks.com/u/justin1250"}},{"@type":"Answer","text":"

    what permissions does ‘authenticated users’ have.
    \nI had similar experience when I denied/unticked ‘read’ instead of just unticking ‘apply’<\/p>","upvoteCount":1,"datePublished":"2020-10-14T23:28:04.000Z","url":"https://community.spiceworks.com/t/gpo-access-denied-security-filter/778861/3","author":{"@type":"Person","name":"dwoff1","url":"https://community.spiceworks.com/u/dwoff1"}},{"@type":"Answer","text":"