Active Directory - GPO Will Not Apply to Group of Machines

I created a GPO to create a few rules for a set of computers, but no matter what I do, running "gpresult /r" yields "Filtering: Denied (Security)" as admin, or if I'm a regular user, it just doesn't show up as one of the applied policies.

gpupdate /force: Did not work.
Tried rebooting the machines: Did not work.
Scope Tab => Security Filtering: I tried it with a group, but then tried it with individual computers.
Delegation Tab: I made sure the group/machines all had Allow "Read" and Allow "Add Group Policy". I even re-added the permissions manually.
User Configuration Settings: Are set to (Enabled)
Even rebooted the domain controller!

TheFrack

Posted 2014-05-02T18:17:20.023

Reputation: 279

2User settings apply to Users, not to Computers. If you are configuring User settings and you are filtering on Computer objects or Groups that have Computer objects as members then your GPO will not be applied to any Users. – joeqwerty – 2014-05-05T21:54:44.530

Answers

Alright, my fault for being partially vague, but I needed to enable loopback processing mode. I'm new to this whole GPO/Active Directory thing.

TheFrack

Posted 2014-05-02T18:17:20.023

Reputation: 279

Are these computers in their own OU? If so, check if has Block Inheritance enabled. Block inheritance is accompanies with a blue circle with a white exclamation mark (!). If it is enabled, that would prevent a GPO from applying to those machines.

In the picture below, you will see an example.

enter image description here

Keltari

Posted 2014-05-02T18:17:20.023

Reputation: 57 019

Unfortunately they are just under the root part of the domain, but that's useful to know. Thank You. Still wish I could figure out why it won't work. – TheFrack – 2014-05-05T21:35:31.667

I had a strange issue with GPO yesterday. There was something up with some of the Security SIDs. Try removing one of the computers from the domain and place in a work group, then add it back to the domain to see if that takes care of it for that one machine.

I can't guarantee anything, I just know that it resolved my issue. Good luck and please let us know what the end result is, when it's resolved.

3ngin33r

Posted 2014-05-02T18:17:20.023

Reputation: 69