Security groups without applied GPOs (Windows)

Module: Active Directory

Supported Platforms: Windows 2000, Windows 2003, Windows 2008

This check reports all security groups in an ADS domain that do not have group policy objects (GPOs) applied to them. This check is intended to run only on domain controllers to produce results for specific domains.

The following table lists the error message for the check.

Table: Error message for Security groups without applied GPOs

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: Policy Compliance

  • Windows 2000 (108135)

  • Windows 2003 (208135)

  • Windows 2008 (251135)

Title: GPOs are not applied to security groups

Description:There are no group policy objects (GPOs) applied to the named security group through sites, domains, or organizational units. This could mean that your security policy is not enforced for this security group.

Severity: yellow-2

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]