Where settings within a Group Policy Object you have created does not natively support targeting (that is, settings that do not allow you to customise the users or groups that the settings should applied for) you can explicitly set a Security Group the the Group Policy Object applies to.
To do this:
- Open Group Policy Management.
- Click on the Group Policy Object that you want to apply to a specific group, then click the Delegation tab.
- In the lower right of the page, click Advanced.
- Click Authenticated Users and make sure that the Apply group policy permission is unchecked against Allow.
NOTE: Keep the Read permission check marked. This is required for correct
processing of the Group Policy Object against domain-joined resources.
- Click Add and located the Security Group that you want to have this Group Policy Object apply to.
- Click the Security Group you have added and ensure that Allow is check marked against the Read and Apply group policy permission.
- Click OK to keep the changes made.
- You can confirm the change in the Scope tab of the Group Policy Object. Under the Security Filtering section, Authenticated Users will no longer appear replaced with the Security Group added in the above steps.
NOTE: For Group Policy Objects that map network drives, you should NOT perform
the above against multiple policies. Instead use targeting which is available
for mapping drive and use only one policy to reduce the processing time at logon.
Please sign in to leave a comment.