Home > SCRIPTING, WINDOWS > Group Policy Security Filtering

Group Policy Security Filtering

  • Sharebar

You can’t apply GPO’s to groups or users. GPO’s are applied to local
PC’s, sites, domains and OU’s (in that order I might add), but not to
groups or users. Well my faithful reader, you can apply them to groups
and users too, with a little trickery!

In order to follow along I will give you a little background info. I have created a group called
Test Group in my AD domain. I have configured a domain level GPO called
Test Group that I want to apply to users of the Test Group only. The
first thing I want to do is open up the properties of the domain and
select the Group Policy tab. From this tab select the Group Policy
Object and press the Properties button. This will bring up another box
with a new set of tabs, select the Security tab.

Now here is where we can configure the GPO to only apply to a group
(or a user). You will see a set of groups listed, take note of the
Authenticated Users group. This group includes everyone who has
successfully logged into the domain. You will see that this group has
Read and Apply Group Policy permissions. This will allow any
authenticated user that belongs to the OU to read the GPO settings, and
apply them to the user and/or computer. To apply our GPO to a specific
group we first must uncheck the Apply Group Policy box for Authenticated
Users. Do not check Deny! As we already know, Windows applies the most
restrictive of the combined security settings. If you click Deny, it
will deny the application of the policy to everyone. Now Authenticated
Users will still be able to read the GPO settings but they will not get

The next step is to press the Add button and add the group or user we
wish to apply the GPO too. I have added the Test Group to the security
permissions and given them Read and Apply Group Policy permissions.

That is it! The GPO in this domain will only be applied to users who are members of the Test Group.

Categories: SCRIPTING, WINDOWS Tags:
  1. No comments yet.
  1. No trackbacks yet.

Uses wordpress plugins developed by www.wpdevelop.com Copy Protected by Chetans WP-Copyprotect.