Introduction
Group Policy Objects (GPOs) are a powerful tool for managing and configuring Windows environments. However, there may be times when you want to apply a GPO only to a specific group of users or computers within your Active Directory (AD) environment. In this post, we’ll show you how to apply a GPO only to a specified AD group.
How to
Open the Group Policy Management Console (GPMC) by going to Start > Administrative Tools > Group Policy Management.
In the left pane of the GPMC, expand the Forest and Domain nodes until you see the Group Policy Objects node. Right-click on the GPO that you want to apply only to the specified AD group and select “Edit”.
In the Group Policy Management Editor window that opens, navigate to the Scope tab.
In the “Security Filtering” section of the Scope tab, click on the “Add” button.
In the “Select User, Computer, or Group” window that opens, enter the name of the AD group that you want to apply the GPO to and click “OK”.
In the Advanced Security Settings window, select “Authenticated Users” list and then scroll down in the “Permissions for Authenticated Users” box until you see the “Apply group policy” permission.
Uncheck the “Apply” box next to the “Apply group policy” permission and then click “OK” to save your changes.
Notes
Nested group works fine and you can use this method for users and computers
Conclusion
That’s it! The GPO will now be applied only to members of the specified AD group. Keep in mind that applying a GPO only to a specific group can have unintended consequences, so be sure to test your changes thoroughly before implementing them in a production environment.