Windows-Server-2003
為什麼組策略被過濾掉了?
我有一台測試電腦,我正在嘗試新的 GPO。
GPO 是文件夾重定向,而它設置為 - 安全過濾器:經過身份驗證的使用者 - 它連結到測試 OU
執行 gpresult 我得到以下資訊:
Computer Settings The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) My Documents - Redirection Filtering: Not Applied (Empty)這是 GPO 報告
My Documents - Redirection Data collected on: 9/4/2011 15:04:18 General Details Domain optitex Owner OPTITEX\Domain Admins Created 8/31/2011 16:45:20 Modified 9/4/2011 14:44:56 User Revisions 3 (AD), 3 (sysvol) Computer Revisions 0 (AD), 0 (sysvol) Unique ID {C8B51C9A-04B3-43CE-8BCA-C1FF4574} GPO Status Enabled Links Location Enforced Link Status Path Desktops Yes Enabled optitex/OptiTex Computers/Default/Desktops IT Test Yes Enabled optitex/OptiTex Computers/IT Test This list only includes links in the domain of the GPO. Security Filtering The settings in this GPO can only apply to the following groups, users, and computers:Name NT AUTHORITY\Authenticated Users WMI Filtering WMI Filter Name None Description Not applicable Delegation These groups and users have the specified permission for this GPOName Allowed Permissions Inherited NT AUTHORITY\Authenticated Users Read (from Security Filtering) No NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No NT AUTHORITY\SYSTEM Edit settings, delete, modify security No OPTITEX\Domain Admins Edit settings, delete, modify security No OPTITEX\Enterprise Admins Edit settings, delete, modify security No Computer Configuration (Enabled) No settings defined. User Configuration (Enabled) Windows Settings Folder Redirection My Documents Setting: Basic (Redirect everyone's folder to the same location) Path: \\privatenas\%username% Options Grant user exclusive rights to My Documents Enabled Move the contents of My Documents to the new location Disabled Policy Removal Behavior Restore contents有沒有辦法可以找出為什麼它被過濾掉了?
看起來您已經在“使用者”樹中定義了組策略對象設置,但正試圖將其應用於包含電腦對象的 OU。GPO 不會以這種方式工作。
請參閱 GPO 報告的部分內容:
電腦配置(啟用)
未定義任何設置。
只有 GPO 的“使用者”部分可以應用於使用者,同樣只有 GPO 的“電腦”部分可以應用於電腦。如果您創建一個包含一些使用者設置的 GPO,然後將其附加到包含電腦的 OU,它不會做任何事情,因為它的任何設置都不被認為是相關的。
對此有一個例外 - 環回處理。但它應該只適用於少數特定情況。