Windows Server Virtual Machines do not download Windows Defender GPO

Federico Coppola 1,181 Reputation points

Hi all,
I would centralize Windows Defender Antivirus of a few group of server.
I have created a new domain group policy for them from company Domain Controller.


I have changed Security Filtering from default group "Authenticated User" to "My_AD_Security_Group".
In this Active Directory Security Group I added file server and terminal server. In this security group there are only computer object (not user).

After that I have added Authenticated User group with only "Read Permission" in Delegation tab > Advanced.


My AD Group has got "Read Permission" and "Apply Group Policy Permission"

After that I have noted on server side that they did not download GPO settings (I have noted it from rsop.msc output).

All servers are Windows Server 2016.

How can I solve it?

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,730 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,721 questions
{count} votes

4 additional answers

Sort by: Most helpful
  1. Federico Coppola 1,181 Reputation points

    Dear @Fan Fan .
    Thanks for your reply.

    Yes I have created GPO and I have linked it to Server OU.


    After that I have created security group in default "User" Active Directory OU (I have done the same configuration other times and it worked).


    Thanks for your help!

    0 comments No comments

  2. Federico Coppola 1,181 Reputation points

    Any suggestions?


  3. Federico Coppola 1,181 Reputation points

    Dear @Fan Fan ,
    I have waited a day and than I checked again

    Now I have noted that these VM has got GPO (I have checked using (gpresult /r and rsop.msc).

    I do not understand why I do not see any warning that Windows Defender is managed by Administrator. After that I have all option enabled and I can change them directly from Windows Defender panel.

    I do not reboot these VM at the moment due to I can't now.


    0 comments No comments

  4. Federico Coppola 1,181 Reputation points

    Dear @Fan Fan ,
    Thanks for your suggestion.
    I am checking

    Best regards

    0 comments No comments