<div>
Does this mean the only way to get it to work is to add domain computers each time? Is there a global place I could enter it instead?
</div>


Does this mean the only way to get it to work is to add domain computers each time? Is there a global place I could enter it instead?

<div>
The default is: &quot;authenticated users&quot; has the read and apply privilege. So if you don't want anyone to apply that policy, just take away &quot;apply&quot; from &quot;authenticated users&quot;. That group includes the group &quot;domain computers&quot;, so that &quot;domain computers&quot; will not need to be dealt with.<br />
<br />
Fort a better fix, look at this: <a href="https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/" rel="ugc">https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/</a>&nbsp;(translate it from german if needed). It describes how to change the default security descriptor of the GPO which would mean less work for you in the future.
</div>


The default is: "authenticated users" has the read and apply privilege. So if you don't want anyone to apply that policy, just take away "apply" from "authenticated users". That group includes the group "domain computers", so that "domain computers" will not need to be dealt with.

Fort a better fix, look at this: https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/ [https://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/] (translate it from german if needed). It describes how to change the default security descriptor of the GPO which would mean less work for you in the future.

<div>
<div class="content wysiwyg-content">
Is something wrong with the Domain or the setup? I’m setting up security groups for the GPs and they’ll only work if I include “Domain Computers”. These are User Policies. Please see picture.<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/10_w41/1199509/Pic.jpg" target="_blank" class="file-inline" title="Pic.jpg (44 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Pic.jpg</a>
</div>
</div>


Pic.jpg

Is something wrong with the Domain or the setup? I’m setting up security groups for the GPs and they’ll only work if I include “Domain Computers”. These are User Policies. Please see picture.

GP works only if &quot;Domain Computers&quot; is included

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

GP works only if &quot;Domain Computers&quot; is included

GP works only if "Domain Computers" is included