Applying group policy to certain computers/users

chasekline · 2016-08-08T17:00:04.000Z

I created a new GPO that I want applied to a certain security group. I created an OU, created the security group in that OU, and I am now creating a GPO that is linked to that OU. I only want the GPO to apply to the users inside the security group.

On security filtering I added the security group and removed authenticated users. I know that it is now necessary to add the computers that I want it to apply to. If I add Domain Computers to the security filtering, will it only apply to users that are in that security group, or will it apply to all domain computers regardless of whether or not the user is in that security group?

kevinbade · 2016-08-08T17:05:48.000Z

Create Security Group
Add users to Security Group
Create group policy
Configure security filtering to include the Security Group
Grant Authenticated Users ‘Read’ of group policy under Delegation tab
Drink coffee/Profit

chasekline · 2016-08-08T17:09:11.000Z

Is there no need to add Domain Computers to the security filtering? I thought that Windows update KB3163622 made it so you had to include Domain Computers in order for the policy to apply?

itprotoday.com

ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

IT Pro Today Homepage

DragonsRule · 2016-08-08T17:14:13.000Z

chasekline:

I created a new GPO that I want applied to a certain security group. I created an OU, created the security group in that OU, and I am now creating a GPO that is linked to that OU. I only want the GPO to apply to the users inside the security group.

Is this a GPP? If so you can use Item Level Targeting to control it.

justin1250 · 2016-08-08T17:15:05.000Z

Group policy doesn’t apply to groups.

You have to link your policy to either an OU with Computers or and OU with users.

justin1250 · 2016-08-08T17:17:43.000Z

chasekline:

On security filtering I added the security group and removed authenticated users. I know that it is now necessary to add the computers that I want it to apply to. If I add Domain Computers to the security filtering, will it only apply to users that are in that security group, or will it apply to all domain computers regardless of whether or not the user is in that security group?

As for using security filtering, this depends on if this is a user GPO or a Computer GPO. You can use security filtering to restrict user GPO settings to groups of users or Computer GPO settings to groups of computers.

If your policy is a Computer GPO and you add Domain computers it will apply to Every machine that is in that OU. Note if the OU does not have any user or computer objects in it the GPO will have nothing to apply to.

justin1250 · 2016-08-08T17:19:34.000Z

LarryG.:

Justin1250:

Group policy doesn’t apply to groups.

You have to link your policy to either an OU with Computers or and OU with users.

OP said he did that.

I am now creating a GPO that is linked to that OU.

He said:

 "I created an OU, created the security group in that OU, and I am now creating a GPO that is linked to that OU."

Just making sure there is more than just the new group in that OU.

DragonsRule · 2016-08-08T17:20:35.000Z

Justin1250:

LarryG.:

Justin1250:

Group policy doesn’t apply to groups.

You have to link your policy to either an OU with Computers or and OU with users.

OP said he did that.

I am now creating a GPO that is linked to that OU.

He said:
 "I created an OU, created the security group in that OU, and I am now creating a GPO that is linked to that OU."
Just making sure there is more than just the new group in that OU.

Yeah, I reread what you said and what OP said and realized what you meant. I deleted my post, but it was too late, you’d already quoted me

justin1250 · 2016-08-08T17:21:47.000Z

chasekline:

Is there no need to add Domain Computers to the security filtering? I thought that Windows update KB3163622 made it so you had to include Domain Computers in order for the policy to apply?

ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Yes, you will have to add the read permission not the apply permission.

DragonsRule · 2016-08-08T17:22:46.000Z

chasekline:

Is there no need to add Domain Computers to the security filtering? I thought that Windows update KB3163622 made it so you had to include Domain Computers in order for the policy to apply?

ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Not to the Filter, no. You add them to the Delegation tab.