
Item-level targeting on DNS Computername always returns "True" on Windows 8.1 or Windows Server 2012 R2



Symptoms

You use item-level targeting in a Group Policy Preferences (GPP) item on Windows 8.1 or Windows Server 2012 R2 computers. When you try to filter for Computer DNS Name, the result is not what you expect. Regardless of the value in the filter, a "True" value is always returned.

When this issue occurs, the Group Policy Object is incorrectly applied to all computers in the organizational unit (OU).

Steps to reproduce this issue

  1. Create an Active Directory domain.
  2. Join a computer that is running Windows 8.1 and a computer that is running Windows 10 Version 1607 or a later version to the domain.
  3. Add the Windows 8.1 and Windows 10 computer accounts to a new OU.
  4. Link a new Group Policy Object to the OU.
  5. Define a Group Policy folder item, and then create the following folder:

     c:\Bug-test-GPP-Name-filter
  6. Define an item-level targeting filter, and match it with an existing DNS computer name that belongs to another computer in the domain. For example, use the name of the DC, "DC1.contoso.com".
  7. Refresh Group Policy for the computer.

Notes

  • Problematic behavior: The test folder is created on the computer that is running Windows 8.1, although the filter should not match.
  • Correct behavior: The test folder is not created on the computer that is running Windows 10 Version 1607 or a later version.

For diagnostics, you can enable computer trace logging for the GPP item. For example, see http://gpsearch.azurewebsites.net/#4913.

 



Cause

The implementation retrieves the IP addresses for the local computer name and the name in the GPP. The names are considered to match if they both use the same IP address.

To compare the IP address, the implementation accesses an incorrect memory location that always has the same data. Therefore, the names are always considered to match.

 



Resolution

To fix this issue, upgrade the computers that are trying to apply DNS item-level targeting to Windows 10 Version 1607 or Windows Server 2016 Version 1607, or to a later version of either.

Note: This issue is fixed in the Version 1607 release of Windows 10 and Windows Server 2016. There is no fix for Windows 10 Version 1511.

 



Workaround

To work around this issue, configure item-level targeting to filter for the COMPUTERNAME environment variable. Or, use NETBIOS name matching if it provides a sufficiently good match.
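
To find the preference items that rely on the affected filter so that they can be switched to the workaround, the following audit sketch may help. It is an added example, not code from Microsoft or from the original article. The XML element and attribute names (`Filters`, `FilterComputer`, `type="DNS"`, `FilterVariable`) and the sample document are assumptions constructed for illustration; verify them against a real preference file before relying on the output.

```powershell
# Constructed sample of a GPP Folders.xml. Element and attribute names are
# assumed from the GPP XML layout; check them against a real file in SYSVOL.
$sampleXml = @'
<Folders>
  <Folder name="Bug-test-GPP-Name-filter">
    <Properties action="C" path="c:\Bug-test-GPP-Name-filter"/>
    <Filters>
      <FilterComputer bool="AND" not="0" type="DNS" name="DC1.contoso.com"/>
    </Filters>
  </Folder>
  <Folder name="Netbios-filtered">
    <Properties action="C" path="c:\Netbios-filtered"/>
    <Filters>
      <FilterComputer bool="AND" not="0" type="NETBIOS" name="DC1"/>
    </Filters>
  </Folder>
  <Folder name="Env-filtered">
    <Properties action="C" path="c:\Env-filtered"/>
    <Filters>
      <FilterVariable bool="AND" not="0" variableName="COMPUTERNAME" value="DC1"/>
    </Filters>
  </Folder>
</Folders>
'@

function Find-DnsNameTargeting {
    param([Parameter(Mandatory)][xml]$Xml, [string]$Source = '(inline sample)')
    # Filters may sit inside nested collections, so search at any depth under <Filters>.
    foreach ($f in $Xml.SelectNodes("//Filters//FilterComputer[@type='DNS']")) {
        # Walk up to <Filters>, then one more level to the owning preference item.
        $item = $f
        while ($item.ParentNode -and $item.LocalName -ne 'Filters') { $item = $item.ParentNode }
        $item = $item.ParentNode
        [pscustomobject]@{
            Source   = $Source
            ItemType = $item.LocalName
            ItemName = $item.GetAttribute('name')
            DnsName  = $f.GetAttribute('name')
            Negated  = $f.GetAttribute('not') -eq '1'   # negated filters are affected as well
        }
    }
}

# Only the first item is reported; the NETBIOS and COMPUTERNAME items are not affected.
Find-DnsNameTargeting -Xml $sampleXml | Format-Table -AutoSize
```

To audit real Group Policy Objects, call `Find-DnsNameTargeting -Xml (Get-Content $path -Raw) -Source $path` for each preference XML file in the domain's SYSVOL share. Every item reported is one that Windows 8.1 and Windows Server 2012 R2 clients will treat as matching regardless of the configured name.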



References

For more information about how to configure Group Policy to use the DNS method of computer name targeting for the suggested workaround, see the following topics:




Article Info
Article ID : 4047328
Revision : 19
Created on : 10/23/2017
Published on : 10/23/2017