If you would like a GPO to only apply to a specific group of users you need
to use security filtering. Here are some links that contain info on what
security filtering is and how to set it up:
Filtering the Scope of a GPO
http://msdn.microsoft.com/library/en-us/policy/policy/filtering_the_scope_of_a_gpo.asp
HOW TO: Administer GPO Properties in Windows 2000
http://support.microsoft.com/?id=322176
You would basically use the following steps:
- Create a new GPO and apply it at a high level so it will apply to all user
accounts (such as at the domain level)
- Remove the allow "Apply Group Policy" permission from the Authenticated
users group (but, do not deny)
- Grant the group the Read and the Apply Group Policy permissions
- Configure the GPO
------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)
Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.
