Server 2012 GPO Computer Settings is not applying for security groups

Copper Contributor

Hi

 I am configuring GPO for Local WSUS server in Windows 2012 Domain Server. Need to enable the Local WSUS access for particular security groups only. So i did the following steps.

1. Created Security group

2. Created GPO and modified the windows update policy in Computer Settings.

3. Gave Read only access for Authenticated Users and gave full permission for Security group.

4. Linked the GPO in our domain

But the GPO is not applying and getting error "Filtering denied security".

Herewith i have attached error screenshot. Please guide me to resolve this error.

 

Regards,

Martin Jebaraj

 

 

10 Replies

I'm moving this post to the Windows Server community for better visibility to your question.

I'm guessing that you were modifying permissions for the GPO on the Delegation tab?

 

Which Security Group is added on the Scope tab under Security Filtering? You should remove the Authenticated Users group from the security filtering and add your own security group, no need to change anything on the Delegation tab.

Also check if your security group scope is set to Global.

Hi Martin,

 

It looks like you didn't add the computer account to the Security Group you created. According to the screenshot, it looks like the computer account is only a member of the standard groups. How did you name your security group?

 

Best regards,

Ruud Gijsbers

 

 

Yes.Created security group as global.

Hi Ruud Gijsbers,

 

   Thanks for your update.

I have added computer accounts in the security group. But happening the same issue.

 

Regards,

Martin Jebaraj

Hi Martin,

 

Did you do a gpupdate /force on the machines after you added them to the security group? And what does the gpresult show now?

 

Best regards,

Ruud Gijsbers

Hi,

What is the GPO Status on the Details tab of the GPO? I have seen on occasion it is set to 'All settings disabled'. Also, when going to the Delegation > Advanced to see the extended perms, Apply GPO is checked off and there are no Deny permissions set on Authenticated Users?
What is the GPO Status on the Details tab of the GPO? Also, have any deny permissions been setup on the Authenticated Users?
Disregard this one. Lost connection on the train during the precious post and it said it didn't go through 😉