Our primary domain group policy adds a certain groups to the local Administrators group on workstations. I would like to have the IT Dev staff computers add one extra group to the local admin group.
So I created a new GPO and added all the existing groups that need to be applied plus the new one. The problem is that the primary domain policy takes precedence and as a result my one specific change is not applied. I just want this one change to append to the primary GPO.
Is this possible or do I need to create a GPO specific for Dev team and deny the primary GPO from being applied to them? I would love to avoid that if possible.