On Wed, Jan 3, 2018 at 4:43 PM, Charles F Sullivan
wrote:
> I'm not sure why you're using security filtering. Is your objective to only
> have *some* DCs get this policy?
Correct. I can't have all DCs rebooting to install updates at the same
time. So I want 1 to reboot
The DC’s computer object definitely has permissions to read the GPO?
Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net
W: 855-765-8973 x101 - C: 248-635-4955
> On Jan 3, 2018, at 3:26 PM, Michael Leone wrote:
>
> OK, I'm scratching my head over
I'm not sure why you're using security filtering. Is your objective to only
have *some* DCs get this policy? If so, as Joe said those servers need to
get the group membership into their access tokens. Ha! I saved a post which
says how to do that without rebooting and it turns out it was from you!
Have you rebooted the DC so it picks up the group membership?
I think you can check with Process Explorer in the details window of a
process running as System to see the groups it believes itself to be a
member of.
On Jan 3, 2018 15:32, "Michael Leone" wrote:
OK, I'm
4 matches
Mail list logo