GPO only works on authenticated users

permissions active-directory group-policy
18,222

There was a change in GPOs recently (security issue that was corrected in Windows Update KB3163622) that I'm pretty sure is what you're running into.

After the new security change, if Authenticated Users is not in the Delegation tab, the GPO won't work (period).

When you remove Authenticated Users from the Security Filter via the GUI, it ALSO removes it from the Delegation tab. This used to not be a problem, now it is. :)

So, after you remove Authenticated Users from the Security Filtering, add them (back) into the Delegation tab (Read-only access should be enough), and then continue editing your Security Filter as you wish.

enter image description here

Picture source, and more info is available from MS here:

Deploying Group Policy Security Update MS16-072\KB3163622 (Posted June, 2016).

Share:
18,222

Related videos on Youtube

Vinny
Author by

Vinny

Updated on September 18, 2022

Comments

  • Vinny
    Vinny almost 2 years

    I am trying to apply a group policy to select users. All of the select users are in a security group. The group policy includes user settings

    I am applying the policy to an OU that includes the user i'm testing with (I've also tried on an OU where the computer is). After it is applied, I run gpresult /r and see that its not applied and it says:

    Filtering: Not applied (Unknown Reason).

    Digging deeper if I run gpresult /scope user /h rsop.html, it says that it's "inaccessible"

    Strangely, if I remove my security group from the security filtering and add Authenticated Users, it works fine.

    I've re-created the policy and the security group and still the same result.

    Does anyone have any suggestions? I know I'm missing something. Are there additional permissions that need to be applied to the security group in AD?

    Thanks!

  • Vinny
    Vinny almost 8 years
    dude, you are the man. this explains why our GPO for a bunch of stuff stopped working recently. thank you so much

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Active Directory Allow User to Install Only
Filtering GPO's Based on Computer Account Security Group
Can I use group policy to set the permissions on registry keys?
Bizarre - Domain Admin has no rights to modify domain scripts directory
How can I remove my users from local admin rights with a GPO?
Trouble getting GPO logon script to run using Active Directory Domain Services
TF246017 Error when opening TFS Administration Console
"Temporarily" disable group policy?
Setting disk quotas with Active Directory
Windows 10 Hello on domain-joined computer - Credentials could not be verified