[gptalk] Security Filtering Computer Based Policies

  • From: "WATSON, BEN" <bwatson@xxxxxxxxxx>
  • To: undisclosed-recipients:;
  • Date: Wed, 20 Aug 2008 08:45:20 -0700

As part of a rollout for a specific policy we are applying to the
company, we are pushing a policy that will be effected by security
filtering at the outset.  It works, and I can test it and when I check
the GPResults I definitely see that the policy was denied by security.


To perform the security filtering, I created a security group, added the
computer accounts that I do NOT want to be affected by the policy, and
then denied that security group the ability to apply the group policy.
As I stated before, it works...   but slowly.


I was wondering if anyone else could explain why after making a change
to the membership of the security group, it seems to take "some time"
for the change to take effect as far as the security filtering is
concerned.  I know it's not a replication issue (if that even matters)
as I push out the changes to the other DCs, yet it still takes awhile
for the change in the security group to effect the security filtering
applied against the GPO.


Any thoughts?






Best way to annoy your co-workers?  E-mail.


Other related posts: