Jump to content


Software Restrictions Policy

Recommended Posts



I'm in need a little assistance, I'm attempting to have a software restriction policy that blocks access to a few problems for all users, easy enough. But then I would like to allow a certain group of users to have access to this if there added to the correct group.


I created the two gpos and assigned them to two groups and made sure the allow gpo was of Higher Order in this case I set it to one. I also enforced the allow so that it would not be over written by the lower Order GPO.


Problem is I've added a test user to the groups in question, Allow and Deny and I still get the deny.


Any idea why this would be the case?


Thanks in advance



Share this post

Link to post
Share on other sites

I realise this is an old thread, but I wanted to just add my "two cents" here for anyone in the future.

This is likely to be that the Deny policy is still applying, although the Allow policy is enforced. Generally, Deny is always the one which takes precedence in any state.


What you would need to do is either create two OU's (one for the Deny and one for the Allow), and assign each GPO respectively, or the better solution would be to create two groups in AD, adding the relevant users to the groups, removing "Everyone" or "Authenticated Users" from the security on the GPO and adding the relevant groups to the respective policies.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...