[gptalk] Re: NULL SID in security groups of computer

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 16 Sep 2008 09:04:13 -0500

Sounds like there is an explicit deny somewhere in the permissions for
that GPO or you've limited the security scope to a group that
workstation is not a member of.


In GPMC, select the GPO, then select the "Scope" tab. Make sure
"Authenticated Users" or "Domain Computers" is listed in the Security
Filtering area. Then select the "Delegation" tab and select "Advanced".
Look for any ACEs where the "read" or "apply group policy" right has
been explicitly denied.


If that is not the case, either manually remove the computer object from
the group showing up as a Null SID or delete the computer object from
AD, then remove/rejoin the workstation to the domain.


Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of krisani p
Sent: Tuesday, September 16, 2008 8:24 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] NULL SID in security groups of computer



The computer configuration of my GPO is not getting applied.
But User configuration works...

Even the Default Domain Policy is getting filtered out with
"Filtering: Denied {Security)"

I find that the NULL SID is listed as part of the security groups for 
the computer.

I have removed and rejoined the Vista workstation many times.
It didn't make any difference. 

Note that these policies are applied correctly to Windows XP 

Where are the security groups fetched from?
How  do I proceed on this?


Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 

Other related posts: