Hi all,

I thought it was worth asking before doing…

I want to apply a GPO (containing computer settings) to a few computers on the network.

My plan is to link the new GPO to the OU where the computers reside.

I am always unsure of the correct way to use security filtering.

For example, do I first put all the test computers in a security group, then use security filtering in the Group Policy Management Console to restrict the application of the GPO to the computers in the security group? Do I remove the Authenticated Users group?

Basically I do not want the GPO to apply to all computers on the network! Not yet anyway.

I think this is the exact same scenario as me…

8 Spice ups

Computer GPOs are easier in this, and you are correct. Remove Authenticated Users and just add your Computer Security Group on the Scope tab in Security Filtering. This will automatically add it to the Delegation tab.

In simple terms, Scope is who the GPO applies to and Delegation is who can Read the GPO.

1 Spice up

Many thanks, and under the Delegation tab should I give Authenticated Users read permissions?

I just apply GPO to the correct test OU. No need for security filtering. Just apply to the OU, and all computers at that OU or below will get the GPO at next GPO refresh.

kevinmhsieh I did consider this and I have done it like this previously; however, the test devices are scattered all over AD and I do not want to start creating new OUs etc.

Remove Authenticated from the Delegation tab if you added it. By adding the computer group to the Scope tab, it added the same group to Delegation. So you should be covered.

Then you need to do security filtering.

As a side note, if you want to target the specific users, then you should add your target Computer accounts to the security group which is located on the Delegation section of the created GPO.
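
The security-filtering setup discussed in this thread, scripted with the ActiveDirectory and GroupPolicy PowerShell modules and followed by a check of who can actually apply the GPO. This is an added example, not part of any post above; the GPO name, group name, OU path and computer names are hypothetical placeholders.

```powershell
# Added example: every name below is a hypothetical placeholder.
Import-Module ActiveDirectory, GroupPolicy

$GpoName   = 'Test-ComputerSettings'              # existing GPO with computer settings
$GroupName = 'GPO-Test-Computers'                 # security group for the test machines
$LinkOU    = 'OU=Workstations,DC=example,DC=com'  # OU (or parent OU) holding the computers
$Computers = 'PC-001', 'PC-002'                   # test computers located under $LinkOU

# 1. Create the security group if it is missing, then add any computers not yet in it.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
}
$have = (Get-ADGroupMember -Identity $GroupName).Name
$Computers | Where-Object { $_ -notin $have } | ForEach-Object {
    Add-ADGroupMember -Identity $GroupName -Members (Get-ADComputer -Identity $_)
}

# 2. Link the GPO to the OU unless the link already exists.
$linked = (Get-GPInheritance -Target $LinkOU).GpoLinks.DisplayName -contains $GpoName
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $LinkOU -LinkEnabled Yes
}

# 3. Security filtering: the test group gets Read + Apply (this is what the
#    Scope tab sets), and Authenticated Users is removed as the thread describes.
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group -PermissionLevel GpoApply
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel None

# 4. Verify: list every trustee that can still apply the GPO and flag
#    anything other than the test group.
$apply = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied }
$apply | Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

$unexpected = $apply | Where-Object { $_.Trustee.Name -ne $GroupName }
if ($unexpected) {
    Write-Warning "GPO '$GpoName' can also be applied by: $($unexpected.Trustee.Name -join ', ')"
}
```

A computer only picks up new group membership after a restart, so reboot the test machines before confirming the result with `gpresult /r /scope computer`.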