It definitely wasn't inherited. One thing I have noticed though if you add the Authenticated Users group through the Security Filtering function you get *Read* *and* *Apply GPO* permissions. If you add it through the Delegation tab you can only apply Read permissions unless you go through the Advanced tab.
If you've explicitly removed Authenticated Users from the Security Filter tab and add only GroupA and GroupB so that they are the groups receiving the GPO, if someone adds the Authenticated Users back via Delegation and gives them Read permissions, does that then apply the GPO to the Authenticated Users group even though you've removed them from the Security Filter? That's what I was trying to ask, but I think the fact I noticed above about the Apply GPO permission may have answered that question for me :-) On 14 November 2012 13:20, Christopher Bodnar <[email protected]>wrote: > You are correct, somehow the Authenticated Users was added to the > Delegation tab, unless it was inherited, but I doubt that. Does it say No > under the inherited column? > > Not sure what you mean by this: > > *"And does this mean that the groups defined in the Security Filtering > section will effectively be overridden? "* > > > *Christopher Bodnar* > Enterprise Architect I, Corporate Office of Technology:Enterprise > Architecture and Engineering Services Tel 610-807-6459 > 3900 Burgess Place, Bethlehem, PA 18017 > [email protected] > > > * > The Guardian Life Insurance Company of America* > * > **www.guardianlife.com* <http://www.guardianlife.com/> > > > > > > > From: James Rankin <[email protected]> > To: "NT System Admin Issues" <[email protected] > > > Date: 11/14/2012 07:11 AM > Subject: GPO issue > ------------------------------ > > > > I have noticed that some GPOs in use here are Security Filtered to certain > AD groups, and Authenticated Users has been removed from the default > Security Filter. This is all very normal and good. > > However, switching to the Delegation tab of the GPO, I see Authenticated > Users listed with Read permission - but not with the "(from Security > Filtering)" suffix. This means that someone has specifically added > Authenticated Users to the Delegation tab, I think? And does this mean that > the groups defined in the Security Filtering section will effectively be > overridden? I just want to check I am correct before I go complaining :-) I > created a test GPO and it seems to indicate that I am correct, but I like > to double-check first > > Cheers, > > > > > -- * > James Rankin* > Technical Consultant (ACA, CCA, MCTS)* > **http://appsensebigot.blogspot.co.uk*<http://appsensebigot.blogspot.co.uk/> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ > <*http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/*<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>> > ~ > > --- > To manage subscriptions click here: * > http://lyris.sunbelt-software.com/read/my_forums/*<http://lyris.sunbelt-software.com/read/my_forums/> > or send an email to > *[email protected]*<[email protected]> > with the body: unsubscribe ntsysadmin > > ----------------------------------------- This message, and any > attachments to it, may contain information that is privileged, > confidential, and exempt from disclosure under applicable law. If the > reader of this message is not the intended recipient, you are notified that > any use, dissemination, distribution, copying, or communication of this > message is strictly prohibited. If you have received this message in error, > please notify the sender immediately by return e-mail and delete the > message and any attachments. Thank you. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image/jpeg>>
