I don't think I've ever had a server successfully get group membership in its access token without a reboot. We all know that a user has to log out and back on. A machine has to reboot.
Not sure if there's an alternative to rebooting, like restarting the netlogon service, and I'm not sure why you're seeing some servers that got the group membership without a reboot, but I would stop right there until the servers have been rebooted. -----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, June 20, 2017 12:07 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE On Tue, Jun 20, 2017 at 11:21 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote: > Did you bounce the servers so they could pick up the new group > memebership? No. But then, neither did I bounce the other 5 servers that are working, and are not filtering out the GPO....