
Apply Group Policy to Security Groups


As I work in Managed Services on a global scale, we frequently have the requirement from our clients to apply individual GPOs to machines in the form of Highly Managed, Lightly Managed and Un-Managed.


This guide WILL give you a basic rundown of how to apply this filtering.

This guide will NOT provide GPO settings. I may, if I get time, put together a cleaned-up guide for this based loosely on our templates.


This guide assumes that you have first set up Windows Server 2008 and configured it for Active Directory.


In a production environment please consult TechNet for best practice; see the links below:


Design Active Directory:

Document - http://technet.microsoft.com/en-us/library/bb727085.aspx

WebCast - http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032317872&CountryCode=US


Implement Active Directory: http://technet.microsoft.com/en-us/library/cc778219(WS.10).aspx


Assigning Rights on OU Objects: http://technet.microsoft.com/en-us/library/cc786285(WS.10).aspx



Best Practices Analyzer for Active Directory Directory Services (BPA AD DS): https://connect.microsoft.com/ADBPA?wa=wsignin1.0




Create your Security Groups.


Open Active Directory Users and Computers:




Create your GPO Security Groups (Highly, Lightly and Un-Managed is our standard)

e.g. <sitecode>-GPO-Highly-Managed, Global Group, Security Group



Example output:-



Create your Group Policy Objects

Open GPEdit.msc


Navigate to “Group Policy Objects”

Right-Click – Select “New”

– Create your GPOs to suit the above created Groups.





Build your GPO to your required levels


Applying Group Policy to the Security Groups

Navigate down your OU Structure to where you wish to apply your Group Policies:



Example: REGIONS\APAC\<country>\<sitecode>\Workstations\


Right-click the OU you want to apply GP to (Workstations), select “Link an Existing GPO…”

Select your Group Policy Object to link and Click OK


Select the GPO you have just linked:


Select Authenticated Users and Click Remove.


Click Add and Type in the Security Group name specific to this GPO


Example: <sitecode>-GPO-Highly-Managed




Complete for the remaining GPOs you wish to use



Let me know if I missed anything or any recommended changes :-)

Edited by jamitupya
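
The steps in the post above, scripted as an added example (not part of the original post or the poster's templates). It differs in one place: rather than removing Authenticated Users outright, it leaves that group with Read but not Apply, which Microsoft's MS16-072 guidance calls for on security-filtered GPOs. It assumes the ActiveDirectory and GroupPolicy PowerShell modules (Windows Server 2008 R2 or later, or RSAT); the site code, domain and OU paths are constructed placeholders.

```powershell
# Added example: security-filter one GPO per management tier.
# All names and paths below are constructed placeholders, not values from the post.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$SiteCode = 'SITE01'                                        # stands in for <sitecode>
$GroupOU  = 'OU=Groups,DC=example,DC=com'                   # hypothetical OU for the groups
$TargetOU = 'OU=Workstations,OU=SITE01,DC=example,DC=com'   # hypothetical OU to link to
$Tiers    = 'Highly-Managed', 'Lightly-Managed', 'Un-Managed'

foreach ($Tier in $Tiers) {
    $Name = "$SiteCode-GPO-$Tier"    # same name used for the group and its GPO

    # 1. Global security group (skipped if it already exists)
    if (-not (Get-ADGroup -Filter "Name -eq '$Name'")) {
        New-ADGroup -Name $Name -GroupScope Global -GroupCategory Security -Path $GroupOU
    }

    # 2. Empty GPO; settings are built separately, as in the post
    if (-not (Get-GPO -Name $Name -ErrorAction SilentlyContinue)) {
        New-GPO -Name $Name | Out-Null
    }

    # 3. Link the GPO to the target OU unless it is already linked there
    $links = (Get-GPInheritance -Target $TargetOU).GpoLinks
    if (-not ($links | Where-Object { $_.DisplayName -eq $Name })) {
        New-GPLink -Name $Name -Target $TargetOU | Out-Null
    }

    # 4. Security filtering: only members of the tier group may apply the GPO
    Set-GPPermission -Name $Name -TargetName $Name -TargetType Group `
        -PermissionLevel GpoApply | Out-Null

    # -Replace is required to lower an existing permission: Authenticated Users
    # drops from Apply to Read, so the GPO stays readable but no longer applies
    # to every account in the OU.
    Set-GPPermission -Name $Name -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel GpoRead -Replace | Out-Null

    # 5. Show the resulting ACL so the filtering can be checked per GPO
    Get-GPPermission -Name $Name -All |
        Select-Object @{ n = 'GPO'; e = { $Name } },
                      @{ n = 'Trustee'; e = { $_.Trustee.Name } },
                      Permission
}
```

A computer picks up a new group membership only after it restarts, so a GPO filtered this way applies on the first policy refresh after the reboot.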
