Item Level Targeting not filtering out for one user (only occasionally)

    Question

  • I've got a mapped drive Group Policy that has item level targeting set up to only install the mapped drives for users of a certain group, or groups. Everything has been working great for almost 2 years, and all of a sudden I have 1 user who randomly gets ALL the mapped drives installed even if they are not a member of that group. One of the mapped drives is very sensitive and targeted to two users (sid-matching) and this user is getting that drive mapped as well, so I know it's not an issue with group membership or anything like that. Now NTFS permissions don't let her access the information, but I'm trying to find out why this is happening.

    I've had the user disconnect the drives and reboot, and they do not come back up right away, but for the second time now, they just appeared at some point in the middle of the day. This is the second time this has happened; the first time, I disconnected and rebooted and they were gone, now a few days later and they are back again. Anybody ever run into this before or have any insights? I've tried to google-fu my way through this but unfortunately, I can't find anything on this specific case where the user is getting drives they aren't supposed to and they are not a member of the group or even user that this policy is filtering for.

    Monday, February 29, 2016 4:49 PM

Answers

  • Hi,
    Based on my understanding, the issue only happened for the specific user. I suppose there are other group policy settings which may lead to this, or it may be caused by an unknown application, another group policy, etc.

    Please try suggestions as below:
    1. Confirm that no other related group policy is configured for that user to map drives by running the gpresult command or using the Group Policy Results wizard.
    2. Use the Process Monitor tool to capture which specific process caused the issue; please see details at https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
    3. Scan the system with anti-virus software to check if there is any virus.
    4. Check whether the user recently installed a 3rd-party application. If so, disable it and check again.

    Besides, according to your scenario, I would suggest you use a security filter instead of item level targeting. You can read more about security filters at https://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx

    Regards,
    Wendy



    Tuesday, March 01, 2016 7:00 AM
    Moderator
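
Step 1 of the answer above (confirming that no other Group Policy maps drives for that user) can also be checked from the policy side. This is an added example, not part of the original thread: it lists every drive-map preference item stored in SYSVOL together with its item-level targeting filters, so an item with no filter, or a second GPO mapping the same share, stands out. It assumes the default SYSVOL layout, read access from a domain-joined machine, and the `Drives.xml` element and attribute names written by the Group Policy Preferences editor.

```powershell
# Added example: inventory drive-map preference items and their item-level targeting.
# Assumptions: default SYSVOL layout; run as a domain user with read access to SYSVOL.
$domain = $env:USERDNSDOMAIN
$sysvol = "\\$domain\SYSVOL\$domain\Policies"

$items = Get-ChildItem -Path $sysvol -Directory | ForEach-Object {
    $gpoGuid = $_.Name
    $file    = Join-Path $_.FullName 'User\Preferences\Drives\Drives.xml'
    if (-not (Test-Path -LiteralPath $file)) { return }   # this GPO maps no drives

    [xml]$xml = Get-Content -LiteralPath $file -Raw
    foreach ($drive in $xml.SelectNodes('//Drive')) {
        $props = $drive.SelectSingleNode('Properties')

        # Every targeting node under <Filters>, including nested collections.
        $filters = @($drive.SelectNodes('Filters//*') | ForEach-Object {
            $negate = if ($_.GetAttribute('not') -eq '1') { 'NOT ' } else { '' }
            '{0} {1}{2}: {3} [{4}]' -f $_.GetAttribute('bool'), $negate,
                $_.LocalName, $_.GetAttribute('name'), $_.GetAttribute('sid')
        })

        [pscustomobject]@{
            GpoGuid  = $gpoGuid
            Item     = $drive.GetAttribute('name')
            Letter   = $props.GetAttribute('letter')
            Path     = $props.GetAttribute('path')
            Action   = $props.GetAttribute('action')   # C, R, U or D
            Targeted = ($filters.Count -gt 0)
            Filters  = $filters -join '; '
        }
    }
}

# Untargeted items apply to every user in the GPO's scope; review these first.
$items | Sort-Object Targeted, Path | Format-Table -AutoSize -Wrap

# The same share mapped by more than one item or GPO.
$items | Group-Object Path | Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ n = 'GpoGuids'; e = { $_.Group.GpoGuid -join ', ' } }
```

Compare the GPO GUIDs in the output with the applied GPOs that `gpresult` reports for the affected user to see which item could have delivered the unexpected mapping.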