I have a Windows Server 2008 R2 domain and a GPO that has only User policy settings in it and I want to apply it to a single computer in an OU.
I have enabled lookback processing to merge this policy with other applicable policies otherwise the GPO won't apply to an OU of computers.
Where I am getting stuck is with the Security Filtering. I want this policy to apply to all users of a specified computer which I am specifying in the security filtering but I cant figure out how to filter it so that all users of the specified computer get the GPO applied.
If I add the computer to the Security Filtering and remove the Everyone security group, the GPO wont apply. ("gpresult" shows the object filtering as "Denied (Security) "
If I add the user account I am trying to test with the filtering works but it also works on every computer for that user, not just the computer specified in the Security Filtering.
I have done some reading on this problem. Aparrently for this sort of policy to work I need to specify a user or group in the Security Filtering. Someone suggested adding the computer/s you want to restrict the GPO to into a new Security Group and adding that Security Group to Security Filtering along with the computer I am trying to restrict the GPO to. That didn't work either. The same "Denied (Security)" error.
Any idea where I am going wrong folks?