No-Expert
asked on
Group Policy Security Filter and how it works when a single computer is added
What would be the outcome, if I were to add a single computer to security filter without removing Authenticated Users?
Assumptions:
All users and computers are in OU "Main-OU"
The GPO is linked to "Main-OU"
Not that the number matters, but 100 Users and 100 Computers
No other filters are applied
In other words: Any Authenticated User that logs into that single computer will get the policy, but they would not get the policy when they log into any other computers. Is that correct?
Assumptions:
All users and computers are in OU "Main-OU"
The GPO is linked to "Main-OU"
Not that the number matters, but 100 Users and 100 Computers
No other filters are applied
In other words: Any Authenticated User that logs into that single computer will get the policy, but they would not get the policy when they log into any other computers. Is that correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You will have to do the following to stop "Authenticated Users" from getting the GPO:
- Go to the “Delegation” tab and then “Advanced”
- Select the “Authenticated Users” security group
- Scroll down to the “Apply Group Policy” permission and clear the “Allow” security setting.
If you don't want a specific user/computer to get the GPO then you will have to do as above, but change the “Apply Group Policy” permission to "Deny" security setting.