Hi, I am new to GP on the above mentioned. I setup a new server which is the only server as domain controller. Then, I have created a global security group "grp_limited" and assiged a member 'tan1' to the group. The "grp_limited" is a member of "Remote Desktop Users". Everything went fine, and I am able to connect into the server using its own RDC. My first task is to try to disable all drive redirection from this server. I am running the GPMC and created a new policy under "Group Policy Objects" name "MRS L". I created a link in under the "Domain Controllers" and enabled the "MRS L". In the "MRS L" scope, under the "Security Filtering" panel a "Authenticated Users" group was automatically assigned to it. In the "MRS L" policy, I only have a setting. Computer Configuration->Admin Templates->Windows Components-> Terminal Services->Client/Server data redirection->Do no allow drive redirection "Enabled". Then, I run the wizard on tan1 in GP Result, all the policy were applied correctly. Later, I removed the "Authenticated Users" from the "MRS L" policy and replaced with "grp_limited" and do multiple times of "gpupdate /force" and reboot the server. I rerun the wizard earlier and recreate new wizard, this "MRS L" policy just stuck in the Denied GPOs in the result with reasons "Access Denied (security filtering)". I tried with some tool like GPExpert but I still can't figure out what goes wrong. I even tried to set the Delegation to the 'tan1' and 'grp_limtied' with Full Control permission also doesn't help. Can some experts help me on this? bare in mind, I do all these in the same machine. Thank you. *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************