GPO isn't applying: Access Denied (Security Filtering)

group-policy windows-server-2012-r2

Probably solved by now. Answering to add options. Most likely cause of this is an explicit deny. Either in the GPO's delegation, per @user221530's answer, or in a user or group.

Confirm the scope. See if the user who can't apply GPO has the same problem on multiple machines. Confirm that this is the only user who can't apply the GPO. Write a PowerShell script to simulate GPO RSOP on an affected machine while looping through all the users in all the groups that the affected users are in. If you find a group where all the users in the group have the problem, then you've found where the explicit deny is.

When troubleshooting GPOs, be sure to use the PowerShell cmdlet Get-GpResultantSetOfPolicy command and send it to an html file. Be sure to run it against the users who cannot apply the GPO and again against the machines affected. The results are searchable. And the listing includes not just the winning GPO, but the list of ones that did not win for each setting. It may give more information than just GPO Access Denied (Security Filtering).

In this case

  • Check the GPO for delegation permissions
  • Check whether the Group Policy being denied is a domain GPO or a local group policy
  • Check the users objects in AD for explicit denies
  • Look for group membership and a group that might have an explicit deny
  • Perhaps reset the permissions on the users' objects inside AD.

If all else fails, back up the user's data, note the memberships and delete and recreate the account.

Related

How to protect power strips from accidental shut-offs/"cleaning lady" attack?
Are there any "spaces" that violate symmetry of metric spaces?
Find the determinant of the following matrix
Is there a simple formula for the cardinality of $\{A\subseteq\kappa\mid |A|\leq\lambda\}$ when $\lambda\leq\kappa$?
When do (multivariate) polynomial rings fail to be Prüfer rings?
Show by using logical connectives laws that $(P\to Q) \land (Q \to R) $ is equivalent to $(P \to R) \land [(P \iff Q) \lor (R \iff Q)]$
Uniqueness of the connecting morphism in the snake lemma
Mathematical Induction and "the product of odd numbers is odd"
Does an infinite random sequence contain all finite sequences?
How do we compare the size of numbers that are around the size of Graham's number or larger?
Finding an asymptotic for the sum $\sum_{p\leq x}p^m$ [duplicate]
Help with convergence in distribution