This is not a question. I was going to post it as a question but found the fix. So if anyone faces a similar problem, here is the fix.

Problem: I am trying to apply a group policy to only some users who are part of a security group. I put that security group in security filtering (and remove ‘Authenticated Users’) and it does not apply. The only way to apply this is when I add ‘Authenticated Users’ also in security filtering. When I do this, it applies to all users! Based on similar posts here, I went to the advanced tab under delegation and took off ‘Apply Group Policy’ for Authenticated Users, but then ‘Authenticated Users’ disappears from Security Filtering and the policy stops applying to any users. Frustrating.

Solution:

  1. Add the user in Scope tab > Security Filtering. If the user/users are part of a security group, add the group.
  2. Delegation tab: remove Authenticated Users (Windows will throw a message at this point, just hit OK on it). Add ‘Domain Computers’. Advanced > make sure ‘Apply Policy’ is unchecked for Domain Computers and ‘Read’ is checked.

If the GPO needs to be applied to a specific business unit (e.g. Accounting), see if there is an OU for that group in AD and link the GPO to that OU (and unlink from other places). If there is no OU for the group, make a security group and do the above steps to apply security filtering to the OU.

7 Spice ups
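The two steps in the post above, scripted with the GroupPolicy PowerShell module and followed by a check of the resulting delegation (an added example, not part of the original post). `$GpoName` and `$FilterGroup` are placeholder names, and Domain Computers is granted Read before Authenticated Users is removed so that computers never lose read access in between.

```powershell
# Added example. Assumes the RSAT GroupPolicy module and rights to edit the GPO.
Import-Module GroupPolicy

$GpoName     = 'Example-User-Policy'    # placeholder GPO name (assumption)
$FilterGroup = 'Example-Policy-Users'   # placeholder security group (assumption)

# Step 1: security filtering. GpoApply grants Read + Apply group policy.
Set-GPPermission -Name $GpoName -TargetName $FilterGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Step 2a: Domain Computers get Read only (no Apply). Since MS16-072, user
# policy is retrieved in the computer's security context, so the computer
# account must be able to read the GPO even when only users are filtered.
Set-GPPermission -Name $GpoName -TargetName 'Domain Computers' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# Step 2b: remove Authenticated Users from the GPO's delegation entirely.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null

# Verify: list every trustee and flag anything that differs from the intent.
$acl = Get-GPPermission -Name $GpoName -All
$acl | Select-Object @{n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Denied |
    Format-Table -AutoSize

$problems = @()
if ($acl | Where-Object { $_.Trustee.Name -eq 'Authenticated Users' }) {
    $problems += 'Authenticated Users still has a permission entry'
}
$computers = $acl | Where-Object { $_.Trustee.Name -eq 'Domain Computers' }
if (-not $computers -or $computers.Permission -ne 'GpoRead') {
    $problems += 'Domain Computers does not have Read-only access'
}
$group = $acl | Where-Object { $_.Trustee.Name -eq $FilterGroup }
if (-not $group -or $group.Permission -ne 'GpoApply') {
    $problems += "$FilterGroup does not have Read + Apply"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Delegation on '$GpoName' matches the intended filtering." }
```

Run `gpresult /r` as a member and as a non-member of the group after the next policy refresh to confirm the GPO is applied or filtered out as expected.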

Item-level targeting works well too!

For some reason, I keep having problems with ITL. I gave it another shot just now and it didn’t work.