In tip 2492, I described how to filter local Group Policy.
Using the Security tab of the Properties of a Group Policy object, an administrator can filter the users and computers by using Windows 2000 security groups to set the DACL to allow or deny access to the GPO.
NOTE: With the exception of Folder Redirection and Software Installation, filtering affects the entire GPO.
To set the filter, right-click the root node of the Group Policy snap-in, press Properties, and press Security.
NOTE: You can also open the Properties of a site, domain, or organizational unit and select the Group Policy tab. Right-click the a Group Policy object and select it's Properties.
NOTE: Users and groups must have Read and Apply Group Policy permissions to receive the Group Policy settings. Authenticated Users have Read and Apply Group Policy by default. I would remove these permissions from groups whose members DO NOT need to receive the GPO, to speed up Group Policy processing, and to keep members from viewing the policy.
