This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 27%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFC%3C/text%3E%3C/svg%3E)
Hi all,
I would centralize Windows Defender Antivirus of a few group of server.
I have created a new domain group policy for them from company Domain Controller.
I have changed Security Filtering from default group "Authenticated User" to "My_AD_Security_Group".
In this Active Directory Security Group I added file server and terminal server. In this security group there are only computer object (not user).
After that I have added Authenticated User group with only "Read Permission" in Delegation tab > Advanced.
My AD Group has got "Read Permission" and "Apply Group Policy Permission"
After that I have noted on server side that they did not download GPO settings (I have noted it from rsop.msc output).
All servers are Windows Server 2016.
How can I solve it?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Before going further ,would you please tell which level did you link the GPO you created ?The domain level or the OU?
If you link the GPO to a specific OU, the servers are included in the OU, right?
Best Regards,
Hi,
Please refer to the following policy :
Prevent or allow users to locally modify Microsoft Defender Antivirus policy settings
Best Regards,
Dear @Fan Fan .
Thanks for your reply.
Yes I have created GPO and I have linked it to Server OU.
After that I have created security group in default "User" Active Directory OU (I have done the same configuration other times and it worked).
Thanks for your help!
Federico
Any suggestions?
Thanks
Hi,
If you created the security group when created the GPOs, did you restart servers to refresh the membership ?
In my test, i need to restart the servers 2 times to let them refresh the membership and apply the GPO.
If you have any updates , feel free to let me know.
Best Regards,
Dear @Fan Fan ,
I have waited a day and than I checked again
Now I have noted that these VM has got GPO (I have checked using (gpresult /r and rsop.msc).
I do not understand why I do not see any warning that Windows Defender is managed by Administrator. After that I have all option enabled and I can change them directly from Windows Defender panel.
I do not reboot these VM at the moment due to I can't now.
Thanks
Dear @Fan Fan ,
Thanks for your suggestion.
I am checking
Best regards
Federico