OK, that's a step in the right direction. If the GPO isn't applied the settings can't be enforced. So... in GPRESULT do you see that GPO as "filtered out" like this?
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
ACME-2008-Policy1
Filtering: Not Applied (Empty)
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise
Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com
From: James Rankin <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Date: 04/13/2012 08:49 AM
Subject: Re: GPO weirdness
Both. Settings aren't applied, and the GPO doesn't show as being applied
in gpresult.
On 13 April 2012 13:13, Christopher Bodnar <[email protected]>
wrote:
Just read your disclaimer, funny stuff, extraterrestrial eggplants?
OK back to your issue. When you say the GPO does not apply do you mean
that the settings dont' get enforced, or that the GPO doesn't show up as
being applied in the output of GPRESULT?
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise
Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com
From: James Rankin <[email protected]>
To: "NT System Admin Issues" <[email protected]
>
Date: 04-13-12 05:12 AM
Subject: GPO weirdness
I have a GPO with user settings that I am applying to an OU with Terminal
Servers in it (Loopback Policy Processing is configured in another GPO on
the same OU). I also want to apply a security filter to the user settings
OU so that only a certain AD group are subject to it. However, whenever I
change the security filter from Authenticated Users, the GPO does not
apply even though the user is a member of the AD group in the security
filter. The only way I can get it to work is by adding the computer
accounts for the Terminal Servers to the security filter, which has me
baffled because these are user settings and shouldn't be applied to the
computer accounts, should they? I could be utterly wrong but I have
checked GPOs I used in other, similar environments and I never had to add
computer accounts specifically to a security filter for a user settings
GPO to work.
Can anyone confirm if this is expected behaviour or not?
TIA,
JRR
--
http://appsensebigot.blogspot.co.uk
IMPORTANT INFORMATION/DISCLAIMER
I certainly don't have time to monitor the content of e-mail sent and
received via this account for the purposes of ensuring compliance with
anyone's policies and procedures. I am pretty sure that somewhere in UK
legislation there is some politically-correct drivel that stipulates I
must never send or store e-mails or attachments that are obscene,
indecent, sexist, racist, defamatory, abusive, in breach of copyright,
encrypted, amusing, overly long, slightly opinionated, anonymous, likely
to harm animals or hurt the feelings of an as-yet-unspecified or
as-yet-nonexistent minority (such as extraterrestrial eggplants). Emails
of this nature sent in or out of this account may be intercepted and
stopped by the system, but it's a long shot. This being the UK, even if I
was prosecuted for breach of said email guidelines, I'd probably walk with
a suspended sentence anyway, but if I'd forgotten to pay my car insurance,
I'd most certainly be hung, drawn and quartered.
I am not responsible for any changes made to the message after it has been
sent, in more or less the same way that cyclozine manufacturers aren't
responsible for drug addicts mixing it with methadone and overdosing, so
I'm glad I cleared the confusion up there nice and early. Where opinions
are expressed, they are not necessarily mine. However, I don't make a
habit of expressing other people's opinions for them, so you shouldn't
take that statement as an indication that I am in the business of
providing an opinion-expressing service. In the event that I did, this
discourse would provide no guarantee that I would do it anyway, but I
don't, so I won't.
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you are not the intended addressee, or the person
responsible for delivering it to them, aside from the fact that you've
clearly got some level of unauthorised access to their account or are at
least engaged in some sort of fraud, I'm obliged to tell you that may not
copy, forward disclose or otherwise use it or any part of it in any way.
To do so may be unlawful, and as you're already breaking the law, I am
sure that bombshell makes you quake in your boots and turn yourself over
to law enforcement immediately. If you receive this e-mail by mistake,
please advise the sender immediately. That would be me, and as I am
clearly prone to sending emails to completely the wrong person, I should
instantly be stripped of my status as a technical consultant and sent to
do something more becoming of my stupidity, such as appearing on Big
Brother, the X Factor or "insert country name here"'s Got Talent.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
----------------------------------------- This message, and any
attachments to it, may contain information that is privileged,
confidential, and exempt from disclosure under applicable law. If the
reader of this message is not the intended recipient, you are notified
that any use, dissemination, distribution, copying, or communication of
this message is strictly prohibited. If you have received this message in
error, please notify the sender immediately by return e-mail and delete
the message and any attachments. Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
--
http://appsensebigot.blogspot.co.uk
IMPORTANT INFORMATION/DISCLAIMER
I certainly don't have time to monitor the content of e-mail sent and
received via this account for the purposes of ensuring compliance with
anyone's policies and procedures. I am pretty sure that somewhere in UK
legislation there is some politically-correct drivel that stipulates I
must never send or store e-mails or attachments that are obscene,
indecent, sexist, racist, defamatory, abusive, in breach of copyright,
encrypted, amusing, overly long, slightly opinionated, anonymous, likely
to harm animals or hurt the feelings of an as-yet-unspecified or
as-yet-nonexistent minority (such as extraterrestrial eggplants). Emails
of this nature sent in or out of this account may be intercepted and
stopped by the system, but it's a long shot. This being the UK, even if I
was prosecuted for breach of said email guidelines, I'd probably walk with
a suspended sentence anyway, but if I'd forgotten to pay my car insurance,
I'd most certainly be hung, drawn and quartered.
I am not responsible for any changes made to the message after it has been
sent, in more or less the same way that cyclozine manufacturers aren't
responsible for drug addicts mixing it with methadone and overdosing, so
I'm glad I cleared the confusion up there nice and early. Where opinions
are expressed, they are not necessarily mine. However, I don't make a
habit of expressing other people's opinions for them, so you shouldn't
take that statement as an indication that I am in the business of
providing an opinion-expressing service. In the event that I did, this
discourse would provide no guarantee that I would do it anyway, but I
don't, so I won't.
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you are not the intended addressee, or the person
responsible for delivering it to them, aside from the fact that you've
clearly got some level of unauthorised access to their account or are at
least engaged in some sort of fraud, I'm obliged to tell you that may not
copy, forward disclose or otherwise use it or any part of it in any way.
To do so may be unlawful, and as you're already breaking the law, I am
sure that bombshell makes you quake in your boots and turn yourself over
to law enforcement immediately. If you receive this e-mail by mistake,
please advise the sender immediately. That would be me, and as I am
clearly prone to sending emails to completely the wrong person, I should
instantly be stripped of my status as a technical consultant and sent to
do something more becoming of my stupidity, such as appearing on Big
Brother, the X Factor or "insert country name here"'s Got Talent.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin<<image/jpeg>>
<<image/jpeg>>
