We are trying to figure out how to have a computer policy apply for only users in a specific security group. Essentially we have a group of users where we want to lock down things like server manager and powershell, but other users should have access to them on this remote desktop server. The RDP server is in its own OU with the group policy applied. In the group policy we updated the scope to only include the security group of the users we want the computer policy applied to. We also ensured under the delegation tab that authorized users had read access to the group policy.
When we run the group policy modeling wizard group policy is not applied because of security filtering. If we remove the security filtering and just have authenticated users, the group policy is applied … for all users as you would expect.
Thanks in advance for your help!
Dan
Other Details
Windows 2008 R2 Domain and Windows 2012 R2 RDP Server
Best Answer
You can't filter Computer Configuration settings in a GPO based on a security group that contains users as members. Computer Configuration settings apply to computers, User Configuration settings apply to users, and never the twain shall meet.
The reason it works for Authenticated Users is because all computer accounts are members of Authenticated Users.