Sounds like you are on Scope tab, look at the delegation tab, you should see the group you added, click the advanced button in the lower right, it will bring up the usual ACL editor, the group of computers you want the GPO to apply to must have both Read and Apply Group Policy.
It is confusing because you would think the path to edit it is in the scope tab, you can add/remove security principals there but not edit them. From: Tom Miller [mailto:[email protected]] Sent: Tuesday, September 01, 2009 12:45 PM To: NT System Admin Issues Subject: RE: GPO filtering Where is this? I must be having a brain cramp. The screen I am looking at has the applied OU (Links) at the top and Security filtering in the bottom pane. Or do you mean the ACL on the OU where the GPO is applied? Same results user or computer, by the way. >>> Brian Desmond <[email protected]> 9/1/2009 3:24 PM >>> There is a checkbox in the ACL to grant that group the right to Apply this Policy as well as Read. You want both of those. Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ <http://www.briandesmond.com/ad4/> Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian <https://mvp.support.microsoft.com/profile/Brian> From: Tom Miller [mailto:[email protected]] Sent: Tuesday, September 01, 2009 2:20 PM To: NT System Admin Issues Subject: GPO filtering I have a need to create a GPO that will run an install. The install file is an MSI for Terminal Server application access for several applications. The issue I am having is security filtering. I want the GPO to apply to a group of users. If I remove "authenticated users" and add the group, nothing happens. Group Policy modeling lists the GPO as denied and inaccessible. If I add the specific PCs, this works. Looking at my various books there is no mention of the requirement to add workstations or workstation groups the GPO security to get it to work. Suggestions? Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
