Configuring security filtering on a GPO

Remember that one of the most powerful ways to filter your GPOs so that they only apply to specific users or devices is by using the Security Filtering section of a GPO's properties. Setting up Security Filtering inside the GPMC is quite fast and easy, requiring just a few mouse clicks. We must first remove Authenticated Users from Security Filtering so that the GPO no longer applies to everyone and everything, and instead specify a more selective group or even individual user or computer accounts to which the GPO should apply. In PowerShell, we need to use multiple commands for this to happen.

First, we must remove the Authenticated Users permission that exists by default inside any new GPO:

Set-GPPermissions -Name "MyNewGPO" -Replace -PermissionLevel None -TargetName 'Authenticated Users' -TargetType group

Now that the GPO is cleared of Security Filtering settings, it is not applying to anyone at the present time. Step 2 is to plug information back into Security Filtering. I am going to issue a command that sets up Security Filtering for my Server Administrators group:

Set-GPPermissions -Name "MyNewGPO" -PermissionLevel gpoapply -TargetName "Server Administrators" -TargetType group

After running both commands, GPMC now shows me correctly that MyNewGPO is filtered to only the Server Administrators group:

Modifying Security Filtering is really modifying permissions inside Group Policy, which is a topic that we will discuss more thoroughly in a few pages. This example is presented here to give you a quick taste of permissions-related cmdlets, but also because modifying Security Filtering is a very common task for any Group Policy administrator.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.172.220