Group Policy and Authenticated Users

Hi guys,
I want to apply a group policy to one user only.
In the Security filtering section of the group policy, it has the authenticated users there by default.
Should I remove this group, and then add the specific user to that security filtering section, or is it safe to leave the authenticated users group there.
This user is in an OU with 100s of other users.
I just want to make sure that the other users in this OU dont get the gpo.
Thanks.
LVL 1
Simon336697Asked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
Removing the "Authenticated Users" group from the Security Filtering section and adding a dedicated security group instead is basically the only way to apply a GPO to a user selection inside of an OU.
And even if it's currently only a single user, you should still create a dedicated group "GPO-Apply-<ThatCertainGPO>" or whatever, add the user account to this group, and add this group to the GPO's security filtering. That way, the configuration is basically self-documenting; in addition, the time will come when a second account needs this policy applied as well.
0
 
ZenVenkyConnect With a Mentor ArchitectCommented:
This is bit tricky. However are there any other policies are getting applied on this OU. If your answer is yes, then you have to be very carefull do not change anything "Authenticated Users".
Instead take that single user out of OU and create new policy to give permissions that you want to give.
0
 
JaihuntConnect With a Mentor Commented:
Hi

You can create a Group and add all users in that group except the one user who requires the group policy.

Go to the policy in GPMC and Delegation --> Advanced -->add the Group -- in Permissions Select Apply group policy check deny.

It will Deny Group policy applying to all the users in the Group. In future if you need any changes you can modify to the Group.

Thanks
Jai
0
All Courses

From novice to tech pro — start learning today.