Announcement

Collapse
No announcement yet.

Security Filtering

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Filtering

    So I have this small network of about 11 computers and 2 servers - one of which is set up with WSUS. There are 3 group policies for Automatic Updates - a common GPO, a server GPO and a client GPO.
    The strange thing is that only 4 of the clients ( in the form <computername>$) appear under teh security filtering and no matter what I do , add remove or otherwise, those 4 computers are a permanent fixture there - I can't add the other 7. You are not supposed to edit the security permissions on the policies folder under SYSVOL, but I even tried that at one point, to no avail.
    Has anyone any idea how I can get all computers to show in the security filtering section so that all computers get updates from WSUS?
    TIA
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We donít stop playing because we grow old, we grow old because we stop playing.

  • #2
    Re: Security Filtering

    This isn't an SBS server is it?
    What OS and AD functional level?
    Have you tried using a different admin account to the make the changes?

    Shooting from the hip...
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Security Filtering

      Hi Steven,

      How many domain controlers are in the domain? Is this a child domain?
      Are you using the editor from a client on which RSAT is installed, or, using the gpmc feature installed on a server or.. Is perhaps AGPM installed on the network?


      Try also by connecting GPMC straight to the PDC-emulator (right click on the AD domain, change DC).
      Editing folder permissions under the sysvol folder causes GPO permissions inconsistency (however editing and saving the permissions at the GPO should normally fix this again).


      /Rems
      Last edited by Rems; 5th June 2012, 20:17.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: Security Filtering

        This IS an SBS and the only DC, but not the only server. I am using the GPMC on the server, though I fail to see why that should matter.
        Last edited by teiger; 6th June 2012, 01:12. Reason: typo
        TIA

        Steven Teiger [SBS-MVP(2003-2009)]
        http://www.wintra.co.il/
        sigpic
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.

        Comment


        • #5
          Re: Security Filtering

          Since the SBS console updates the security filtering on the GPO, what happens when you configure the settings for the client machines there?
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: Security Filtering

            What exactly happens when you click the add or delete button? ,, is there an message popping up /or, does computers seems added/removed but disapear/reapear again?


            One possible explanation for the problem might be, although it is a very small network, that the AGPM Service is installed on the network (for all I know about this service!). Make sure that this Management component isn't present. Because if it is active then we should check the AGPM Service, client and communication first.
            • By default, the AGPM Server program files are installed in %ProgramFiles%\Microsoft\AGPM\Server. However during the intallation the pad can be changed. Although the AGPM Service can run on a domain controller or even on a Vista or Windows 7 client if you have to; It is recommended however, that the AGPM Service would have be installed on a member server.
            • The AGPM Client should be installed on all computers on where GPMC is used. The AGPM snapin automacically integrates with the GPMC console. The default program path for the client is %ProgramFiles%\Microsoft\AGPM\Client.
            • If the AGPM Client is installed locally there will be a new folder called "Change Control" added in GPMC. From where changes to controlled GPO should be approved first before the changes take effect.


            /Rems

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: Security Filtering

              @JeremyW
              Everything appears OK in the SBS console. They all appear under the computers to be updated.

              @Rems
              I have added them manually in the Security Filtering dialogue in GPMC, but obviously "something" automatically returns it to the previous condition. I can't find what that "something"is.
              TIA

              Steven Teiger [SBS-MVP(2003-2009)]
              http://www.wintra.co.il/
              sigpic
              Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

              We donít stop playing because we grow old, we grow old because we stop playing.

              Comment

              Working...
              X