GPOs can be linked to OUs, sites, or domains. Figure 7 shows the
HQ-Desktops GPO selected in the console tree of the GPMC. The Links
section of the Scope tab in the details pane indicates the
following:
-
The GPO is linked to the Desktops OU, which is in the
Computers OU beneath the HQ-NYC OU of the corp.fabrikam.com
domain.
-
The link is currently enabled. If you disable the link,
the settings in the GPO will not be applied to the users or
computers targeted by the GPO.
-
The GPO’s settings can be blocked by settings inherited
from a GPO linked to a parent OU or to the domain. This is
indicated by Enforced being set to No.
Configuring security filtering
You can configure security filtering on a GPO to refine which
users and computers will receive and apply the settings in the GPO.
For example, you can use security filtering to specify that only
certain security groups within the OU where the GPO is linked apply
the GPO.
To configure security filtering on a GPO, perform the
following steps:
-
Select the GPO beneath the Group Policy Objects node in
the GPMC.
-
Select the Scope tab in the details pane, and click Add in
the Security Filtering section of this tab.
-
Browse the directory to select the security group to
filter on.
-
Once the group you selected is displayed in the Security
Filtering section of the Scope tab, select Authenticated Users
and click Remove. This ensures that the settings in the GPO will
apply only to users and computers that belong to the group you
specified.