none
Group Policies denied filtering

    Question

  • Hi,

    I have a hyper-v virtual machine server 2008R2 dc.

    I have several group policies in my dc. All of the policies were linked under the root domain.

    In the security filtering I've added my user groups in each policy. All of the groups have the read & apply group policy permissions. In the gpresult /r command I'm keep getting the reports that my policies are in denied filtering.

    I have also the DFS role installed on the dc. Maybe the DFS role causing the problem?

    Saturday, October 12, 2013 11:43 AM

Answers

  • Hi, for help with this issue

    try the dedicated Group Policy forum:
    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverGP

    if GPresult is returning "Denied: Filtering", this means that you have applied AD security filters, or WMI security filters to that GPO, and the user or computer in the scope does not meet the requirement you have set.
    These are stored/applied in the AD, not in the file system, so I can't imagine that the DFS role would matter.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Saturday, October 12, 2013 12:11 PM

All replies

  • Hi, for help with this issue

    try the dedicated Group Policy forum:
    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverGP

    if GPresult is returning "Denied: Filtering", this means that you have applied AD security filters, or WMI security filters to that GPO, and the user or computer in the scope does not meet the requirement you have set.
    These are stored/applied in the AD, not in the file system, so I can't imagine that the DFS role would matter.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Saturday, October 12, 2013 12:11 PM
  • Hi,

    It has been a while. Is there any update with the issue? Have we followed the suggestion provided by Don to check whether there is any filtering applied on the scope of the policy? If the issue still persists, please don’t hesitate let us know.

    Besides, regarding security filtering, WMI filtering, Item-level Targeting in GPP, the following blog may be referred to for more information.

    Security Filtering, WMI Filtering, and Item-level Targeting in Group Policy Preferences

    http://blogs.technet.com/b/grouppolicy/archive/2009/07/30/security-filtering-wmi-filtering-and-item-level-targeting-in-group-policy-preferences.aspx

    In addition, if necessary, we may also collect GPMC log to look at the issue.

    GPMC log

    ==================
    1.   On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.
    2.   Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)
    3.   Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.

    After getting the report, you may upload it to the Skydrive and provide us the download link.

    Best regards,

    Frank Shen


    Friday, October 18, 2013 2:39 PM