Windows-Server-2003

為什麼組策略被過濾掉了?

  • October 23, 2015

我有一台測試電腦,我正在嘗試新的 GPO。

GPO 是文件夾重定向,而它設置為 - 安全過濾器:經過身份驗證的使用者 - 它連結到測試 OU

執行 gpresult 我得到以下資訊:

Computer Settings

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
    Filtering:  Not Applied (Empty)

My Documents - Redirection
    Filtering:  Not Applied (Empty)

這是 GPO 報告

My Documents - Redirection 
Data collected on: 9/4/2011 15:04:18  

General
Details
Domain optitex 
Owner OPTITEX\Domain Admins 
Created 8/31/2011 16:45:20 
Modified 9/4/2011 14:44:56 
User Revisions 3 (AD), 3 (sysvol) 
Computer Revisions 0 (AD), 0 (sysvol) 
Unique ID {C8B51C9A-04B3-43CE-8BCA-C1FF4574} 
GPO Status Enabled 

Links
Location Enforced Link Status Path 
Desktops Yes Enabled optitex/OptiTex Computers/Default/Desktops 
IT Test Yes Enabled optitex/OptiTex Computers/IT Test 

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and     computers:Name 
NT AUTHORITY\Authenticated Users 

WMI Filtering
WMI Filter Name None 
Description Not applicable 

Delegation
These groups and users have the specified permission for this GPOName Allowed Permissions Inherited 
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No 
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No 
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No 
OPTITEX\Domain Admins Edit settings, delete, modify security No 
OPTITEX\Enterprise Admins Edit settings, delete, modify security No 

Computer Configuration (Enabled)
No settings defined.
User Configuration (Enabled)
Windows Settings
Folder Redirection
My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\privatenas\%username%
Options
Grant user exclusive rights to My Documents Enabled 
Move the contents of My Documents to the new location Disabled 
Policy Removal Behavior Restore contents 

有沒有辦法可以找出為什麼它被過濾掉了?

看起來您已經在“使用者”樹中定義了組策略對象設置,但正試圖將其應用於包含電腦對象的 OU。GPO 不會以這種方式工作。

請參閱 GPO 報告的部分內容:

電腦配置(啟用)

未定義任何設置。

只有 GPO 的“使用者”部分可以應用於使用者,同樣只有 GPO 的“電腦”部分可以應用於電腦。如果您創建一個包含一些使用者設置的 GPO,然後將其附加到包含電腦的 OU,它不會做任何事情,因為它的任何設置都不被認為是相關的。

對此有一個例外 - 環回處理。但它應該只適用於少數特定情況。

引用自:https://serverfault.com/questions/308024