I believe if you pull the properties of the GPO there is a button Advanced or Security or something to see the ACL editor for the GPO.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Tuesday, September 01, 2009 2:45 PM To: NT System Admin Issues Subject: RE: GPO filtering Where is this? I must be having a brain cramp. The screen I am looking at has the applied OU (Links) at the top and Security filtering in the bottom pane. Or do you mean the ACL on the OU where the GPO is applied? Same results user or computer, by the way. >>> Brian Desmond <br...@briandesmond.com<mailto:br...@briandesmond.com>> >>> 9/1/2009 3:24 PM >>> There is a checkbox in the ACL to grant that group the right to Apply this Policy as well as Read. You want both of those. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Tuesday, September 01, 2009 2:20 PM To: NT System Admin Issues Subject: GPO filtering I have a need to create a GPO that will run an install. The install file is an MSI for Terminal Server application access for several applications. The issue I am having is security filtering. I want the GPO to apply to a group of users. If I remove "authenticated users" and add the group, nothing happens. Group Policy modeling lists the GPO as denied and inaccessible. If I add the specific PCs, this works. Looking at my various books there is no mention of the requirement to add workstations or workstation groups the GPO security to get it to work. Suggestions? Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~