Forum Discussion
JamesIversen
Aug 27, 2024Copper Contributor
User\User Group Item level targeting in GPO fails after KB5041578 installation
Hello All!!!
It appears that I am unable to create new GPO's which user the item level targeting option of User or User Group...
When attempting to configure User Configuration (Enabled)>Preferences>Windows Settings>Files to send a specially crafted shortcut to a group of users, the Common>Item-level targeting Targeting button allows New Item>Security Group to be selected from drop down but allows me to only select "the computer is a member of the security group". The option for User in Group is greyed out.
Normally, I would not think it was possible to select a "Computer, or Computer Group" in the User Configuration.
Is there an estimated time to resolve this so I can publish these specially crafted shortcuts to my customers?
- Jan_FernandBCopper ContributorSame here 😞 I hope MS fixes this soon.... or find a not a messy workaround:
- AlexR355Copper ContributorI can confirm that I have the same problem. In an existing policy in which I already have targets with users, I can no longer select Users in Group when I create a new shortcut
- JamesIversenCopper Contributor
I've heard from others the targeting continues to work in policies where user groups were previously set. Modifying an existing policy to include additional user groups for targeting does not yield desired results. This issue impacts new policies, and the editing of existing policies Item-level Targeting by user group. Existing policies continue to function as intended but cannot be updated by addition.
- Jan_FernandBCopper ContributorThat is correct, old targeting, will work, but you can't change them or even modify, user in group option, is greyed out, but the gpo functions as intended.
- JamesIversenCopper Contributor
I was able to apply a new policy using an ugly workaround.
Remove Authenticated Users in security filtering.
Add several groups (Normally reserved for Item-level targeting) to Security Filtering.
Add Authenticated Users under delegation section with Allow Permissions (Read)
leave Item-level targeting section of file blank.
Link policy to OU where both users and computers from unit can inherit\apply policy.
Item-Level Targeting still broken and not being used in new GPOs.
- kelamreesCopper ContributorJumping in here to also confirm that I have this issue on my new AD server.