Applying Security filtering Using GPMC - 02 Jan 2008

Q. How can I apply Security filtering using Group Policy Management Console (GPMC)?

A. The GPMC makes it easy to filter the application of a Group Policy Object (GPO) based on security. Remember, to apply a GPO, a user needs the "Apply group policy" right. We can manually remove the Read and Apply Group Policy permissions for the Authenticated Users and grant other users/groups the Read and Apply permissions. However, with GPMC this is not required. Security filtering is set on the GPO and not the link, so to modify the security filtering, you select the GPO and select the Scope tab. Under the Security Filtering section, select Authenticated Users and select Remove. Next, click Add and select the user or group that will need to apply the GPO, and click OK. Now only the selected users/groups listed under Security Filtering will be able to apply the GPO. If you now select the Delegation tab, you can view the security. If you select the Advanced button you will see the Authenticated Users no longer have Read or Apply permissions, whereas the users/groups you added to the security filtering section now have Read and Apply permissions.

— John Savill
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.