+ Reply to Thread
Results 1 to 6 of 6
  1. Senior Member
    Join Date
    Oct 2010
    Posts
    857

    Certifications
    CISSP, CEH
    #1

    Default GPO were not applied because they were filtered out

    Hello all,

    So I created a GPO on one of my servers call IE8checks. Now after I finished configuring the policy I went to an OU to test it (Servers). I applied the OU and I made sure that block interence was not checked and I selected the no override option so that over policies will not override the one I created.

    After the policy was created I went to a server logged in and did a gpresult. However, I got this information:

    Applied group policy objects
    Local group policy
    Default Domain Policy
    ModifiedIEHomepage

    The Following GPO's were not applied because they were filtered out
    IE8Checks - Filtering: Not applied (Empty)




    However, when I do an RSOP it says the policy is applied. The policy I created was originally created on another server which is were this new policy is pointing to so I figured we better not block inheritance before of that).

    Any thoughts?
    Reply With Quote Quote  

  2. SS -->
  3. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #2
    Is the new GPO for users or for computers? The OU you linked the new GPO to, does it have users or computers? If you create a GPO that applies to users, you must link it to an OU which has user accounts.
    VCDX: DCV - Round 2 rescheduled (by VMware) for December 2017.

    Blog >> http://virtual10.com
    Reply With Quote Quote  

  4. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #3
    It is saying that it was filtered because it was empty. That's normal. If you put in a bunch of computer configuration settings but no user settings then the policy will show as empty under the user result but applied under the computer result. The opposite is true if it is user settings but no computer settings in the policy. Check your gpresult and see which one is reporting as empty.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Oct 2010
    Posts
    857

    Certifications
    CISSP, CEH
    #4
    Quote Originally Posted by Essendon View Post
    Is the new GPO for users or for computers? The OU you linked the new GPO to, does it have users or computers? If you create a GPO that applies to users, you must link it to an OU which has user accounts.
    Just Computers / Servers. They were applied to thee Server OU and Workstation OU.

    Quote Originally Posted by undomiel View Post
    It is saying that it was filtered because it was empty. That's normal. If you put in a bunch of computer configuration settings but no user settings then the policy will show as empty under the user result but applied under the computer result. The opposite is true if it is user settings but no computer settings in the policy. Check your gpresult and see which one is reporting as empty.
    Interesting. I will re check the gpresult. The GPO is just a bunch (113) computer configuration changes.
    Reply With Quote Quote  

  6. VCDX in 2017 Essendon's Avatar
    Join Date
    Sep 2007
    Location
    Melbourne
    Posts
    4,489

    Certifications
    VCIX-NV, VCAP5-DCD/DTA/DCA, VCP-5/DT, MCSA: 2008, MCITP: EA, MCTS x5, ITIL v3, MCSA: M, MS in Telecom Engg
    #5
    Also what do you have under security filtering when you click on the Scope tab of the GPO. It should have a security group that contains the computer accounts you want this GPO to apply to.

    One more thing, did you restart the servers you wanted the GPO to apply to? Some computer policies apply only after the machine has been restarted. If this a production network and you cant restart the servers, then in the security filtering tab add the servers you want this apply to and do a gpupdate /force on the relevant servers. I've seen if you apply security filtering to a group (with computers in it), the computers need a restart. Whereas if you add the servers explicitly to security filtering and do a gpupdate /force, the servers pick up the policy instantly.
    VCDX: DCV - Round 2 rescheduled (by VMware) for December 2017.

    Blog >> http://virtual10.com
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Oct 2010
    Posts
    857

    Certifications
    CISSP, CEH
    #6
    Well it was the user settings that were getting filtered out because I only did computer settings! The policy did get applied to all the servers and user workstations


    Thank you for all your input! I learn more everyday I come on this forum Now I have to export this to the other domains though GPMC was not installed on the one server I hope its on the server I was working on if not I will install it on my laptop and work from there.
    Last edited by higherho; 05-25-2011 at 01:53 PM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks