One of our vendors is requesting that we provide Skype access, which uses specific ports and IPs. In order to facilitate the access, we need to deploy a set of Windows firewall rules. The target clients are spread across different OUs and therefore cannot be applied based on OU. Instead, I created a group with the users' machines. The problem is that the GPO doesn't apply to the machines. I've tried a gpupdate /force and a reboot, but the policies don't apply.
The interesting thing is that if I add the computers individually, the computers will get the GPO. It only appears to be the computer group that will not take the GPO.
The settings for the GPO are:
The GPO is applied at the toplevel of the domain and relies on security filtering.
My security settings are currently set to:
Read Allow
Apply Group Policy Allow
Links:
Enforced No
Link Enabled Yes
Security Filtering lists only my group. I removed authenticated users.
GPResults
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Firewall Exception for Java for Ecommerce PCs
Filtering: Not Applied (Unknown Reason)
Firewall Exception - Skype for Business
Filtering: Not Applied (Unknown Reason)
The computer is a part of the following security groups
-------------------------------------------------------
Firewall_Exception_ECommerce_Java
Firewall_Exception_Skype_For_ADS
Best Answer
Just as a user needs to log out and back in to reflect group membership changes, a computer needs to reboot to reflect group membership changes.