Sounds like there is an explicit deny somewhere in the permissions for that GPO or you've limited the security scope to a group that workstation is not a member of. In GPMC, select the GPO, then select the "Scope" tab. Make sure "Authenticated Users" or "Domain Computers" is listed in the Security Filtering area. Then select the "Delegation" tab and select "Advanced". Look for any ACEs where the "read" or "apply group policy" right has been explicitly denied. If that is not the case, either manually remove the computer object from the group showing up as a Null SID or delete the computer object from AD, then remove/rejoin the workstation to the domain. Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of krisani p Sent: Tuesday, September 16, 2008 8:24 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] NULL SID in security groups of computer Hi, The computer configuration of my GPO is not getting applied. But User configuration works... Even the Default Domain Policy is getting filtered out with "Filtering: Denied {Security)" I find that the NULL SID is listed as part of the security groups for the computer. I have removed and rejoined the Vista workstation many times. It didn't make any difference. Note that these policies are applied correctly to Windows XP workstattion Where are the security groups fetched from? How do I proceed on this? Thanks Krisani Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.