Windows Server Virtual Machines do not download Windows Defender GPO

Federico Coppola 1,181 Reputation points
2020-12-10T16:47:37.033+00:00

Hi all,
I would centralize Windows Defender Antivirus of a few group of server.
I have created a new domain group policy for them from company Domain Controller.

46997-image.png

I have changed Security Filtering from default group "Authenticated User" to "My_AD_Security_Group".
In this Active Directory Security Group I added file server and terminal server. In this security group there are only computer object (not user).

After that I have added Authenticated User group with only "Read Permission" in Delegation tab > Advanced.

46907-image.png

My AD Group has got "Read Permission" and "Apply Group Policy Permission"
47005-image.png

After that I have noted on server side that they did not download GPO settings (I have noted it from rsop.msc output).

All servers are Windows Server 2016.

How can I solve it?

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,730 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,721 questions
{count} votes

4 additional answers

Sort by: Most helpful
  1. Federico Coppola 1,181 Reputation points
    2020-12-11T08:13:52.213+00:00

    Dear @Fan Fan .
    Thanks for your reply.

    Yes I have created GPO and I have linked it to Server OU.

    47353-image.png

    After that I have created security group in default "User" Active Directory OU (I have done the same configuration other times and it worked).

    47179-image.png

    Thanks for your help!
    Federico

    0 comments No comments

  2. Federico Coppola 1,181 Reputation points
    2020-12-12T16:59:36.05+00:00

    Any suggestions?

    Thanks


  3. Federico Coppola 1,181 Reputation points
    2020-12-16T23:33:53.31+00:00

    Dear @Fan Fan ,
    I have waited a day and than I checked again

    Now I have noted that these VM has got GPO (I have checked using (gpresult /r and rsop.msc).

    I do not understand why I do not see any warning that Windows Defender is managed by Administrator. After that I have all option enabled and I can change them directly from Windows Defender panel.

    I do not reboot these VM at the moment due to I can't now.

    Thanks

    0 comments No comments

  4. Federico Coppola 1,181 Reputation points
    2020-12-28T15:56:06.113+00:00

    Dear @Fan Fan ,
    Thanks for your suggestion.
    I am checking

    Best regards
    Federico

    0 comments No comments