I have a GPO I created that adds a registry value (USER CONFIGURATION -> PREFERENCES -> WINDOW SETTINGS -> REGISTRY). I want it to target a specific group of users that are in a security group I created. The security group I created is called Remote Access VPN Users. I've added myself to said Security Group (did this over a week ago), confirmed replication. Under the SCOPE tab, under Security Filtering, I removed Authenticated Users and added the Remote Access VPN Users security group. Saved and forced gpupdate but it never creates the registry entry.
I tested using Group Policy Results and it keeps telling me that the GPO was Denied because it's inaccessible. Why is it not applying to my Security Group? When I removed the Security Group and add Authenticated Users back to the GPO Scope filtering it works as expected. However, I don't want this to apply to Authenticated Users
Do I need to use a Distribution Group instead of a Security group? The policy is linked to my domain.
If you remove authenticated user, you need to add an entry, domain computer/read in the security. Its a new security MS fixed last year
For the explication please see there;
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/