Did you remember to add either "authenticated users" or "domain computers" with read access on the advanced tab after you added the security filtering to apply just to the group?
-Bonnie -----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, June 20, 2017 9:09 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE On Tue, Jun 20, 2017 at 11:52 AM, Mayo, Bill <bill.m...@pittcountync.gov> wrote: > I was just point out that denies override everything else. Is it possible > that you added a DENY entry to some other group of which these computers are > members? Pretty sure I haven't a DENY to anything in this decade ... LOL .. no, seriously, I can't remember the last time I DENYed anything. So, no, I don't think that's the case. Also, as I say, I have other servers that are not filtering it out, and all these server accounts are all members of the same groups (I checked).