Forum Discussion

JamesIversen's avatar
JamesIversen
Copper Contributor
Aug 27, 2024

User\User Group Item level targeting in GPO fails after KB5041578 installation

Hello All!!!

It appears that I am unable to create new GPO's which user the item level targeting option of User or User Group...

When attempting to configure User Configuration (Enabled)>Preferences>Windows Settings>Files to send a specially crafted shortcut to a group of users, the Common>Item-level targeting Targeting button allows New Item>Security Group to be selected from drop down but allows me to only select "the computer is a member of the security group". The option for User in Group is greyed out.

Normally, I would not think it was possible to select a "Computer, or Computer Group" in the User Configuration.

Is there an estimated time to resolve this so I can publish these specially crafted shortcuts to my customers?

  • Jan_FernandB's avatar
    Jan_FernandB
    Copper Contributor
    Same here 😞 I hope MS fixes this soon.... or find a not a messy workaround:
  • AlexR355's avatar
    AlexR355
    Copper Contributor
    I can confirm that I have the same problem. In an existing policy in which I already have targets with users, I can no longer select Users in Group when I create a new shortcut
    • JamesIversen's avatar
      JamesIversen
      Copper Contributor

      I've heard from others the targeting continues to work in policies where user groups were previously set. Modifying an existing policy to include additional user groups for targeting does not yield desired results. This issue impacts new policies, and the editing of existing policies Item-level Targeting by user group. Existing policies continue to function as intended but cannot be updated by addition.

      • Jan_FernandB's avatar
        Jan_FernandB
        Copper Contributor
        That is correct, old targeting, will work, but you can't change them or even modify, user in group option, is greyed out, but the gpo functions as intended.
  • JamesIversen's avatar
    JamesIversen
    Copper Contributor

    I was able to apply a new policy using an ugly workaround.

    Remove Authenticated Users in security filtering.

    Add several groups (Normally reserved for Item-level targeting) to Security Filtering.

    Add Authenticated Users under delegation section with Allow Permissions (Read)

    leave Item-level targeting section of file blank.

    Link policy to OU where both users and computers from unit can inherit\apply policy.

    Item-Level Targeting still broken and not being used in new GPOs.

  • kelamrees's avatar
    kelamrees
    Copper Contributor
    Jumping in here to also confirm that I have this issue on my new AD server.

Resources