What is GPO Security Filtering and How to Set it Up
Note that you need admin's rights to edit Group Policy settings
4 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- Group Policy security filtering helps with assigning permissions to GPOs.
- Linking the GPO to an Organization Unit is a good practice for maintaining the settings.
- The security filtering allows you to select accounts or devices to apply a particular Group Policy Object (GPO).
The Group Policy security filtering is a feature most Windows users have no idea how it works. It is essential as it offers some filtering options that help keep the device safe. More so, a good understanding of the GPO helps you fix issues with the Group Policy on your PC.
What is security filtering?
Security filtering in Group Policy is an Active Directory (AD) functionality. It concerns the Group Policy Object (GPO) implementation. It allows users to specify accounts or devices to a Group Policy Object (GPO) applies.
Furthermore, Group Policy security filtering helps you limit the clients affected by the Group Policy Object (GPO) settings.
Likewise, it allows you to organize GPO settings impact by delegating Read and Apply permissions to the clients or the group they belong.
Why do I need security filtering?
Using the Group policy’s security filtering offers you many advantages. It reduces the stress of assigning permissions to users or groups in the Group Policy editor.
Some notable reasons why you need security filtering include:
- You can create Group Policy Objects (GPOs) – To be more precise, it allows Administrators to create Group Policy Objects (GPOs) for a particular Organization Unit (OU) or the entire domain. Then, it only applies the GPO to specific users or clients that are part of the group.
- Group Policy Object applications management – Group Policy security filtering helps you get past the stress of dealing with authenticated users having insufficient or excessive Group Policy Object applications.
- Mask or lock a Group Policy Object (GPO) in the Group Policy Repository – With that in mind, it is not accessible to users or groups to see or edit the targeted GPOs.
Depending on how conversant you’re with Group Policy filtering, you can use security filtering to improve your Group Policy.
How do I set security filtering in Group Policy?
Before proceeding with the guide for settings security filtering in Group Policy, take care of the following:
- Ensure you are logged in as an administrator on the computer you want to edit its Group Policy.
- Update your Windows operating system to the latest build to access the new features in the Group Policy.
- Restart Windows 11 in Safe Mode to fix startup errors that may affect the Group Policy’s performance on your PC.
After going through the checks above, proceed with the steps below to set security filtering in Group Policy.
1. Via the Group Policy Management Console
1.ย Press theย Windowsย +ย Rย keys to open theย Run app as an administrator.
2. Inputย gpmc.msc in the Run box and press Enter to open theย Group policy management console.
3. Go to the directory containing theย Group Policy Objectย you want to modify and click on it.
4. Navigate to theย Scopeย tab and theย Security Filteringย tab at the bottom of the page.
5. Select theย Authenticated usersย option and clickย Remove or Add to select users, then the computers to the GPO would be applied.
6. Go to theย Select User, Computer, or Groupย dialog box, and input theย name of the groupย whose members you want to apply the GPO.
7. Clickย OKย (objects added to the security filtering appear in theย Delegationsย tab. So you can further assign more permissions).
8. Clickย OKย (objects added to the security filtering appear in theย Delegationsย tab. So you can further assign more permissions).
9. Check theย Allow box for the Apply group policyย option in theย Permissionsย tab below theย Groups or usernamesย tab.
Checking the box will set the security filtering option and apply it to the selected group or user.
You can set up Group Policy security filtering directly from the Group Policy Management Console. You can access it via the Run dialog.
However, we recommend that users link the GPO to an Organization Unit to fix issues that may impede the application of Group Policy options.
2. Link the GPO to an OU (Organization Unit)
- Start your PC and log in with an administrator account.
- Click Start, then select the Windows tools option.
- Navigate to the Group Policy Management Console (GPMC).
- Locate the Organization Unit you want to link to a Group Policy object, right-click on it, and select the Link an existing GPO option.
- Navigate to the Select GPO tab below Group Policy Objects, then select the GPO you want to link.
- Click OK to save the changes in the GPMC.
Linking the GPO to an OU is one of the Group Policy security filtering best practices users can adopt.
Nevertheless, in a few steps, you can learn how to install Group Policy Editor on Windows Home.
Also, we have a detailed guide on installing the Group Policy Management Console on Windows 11 if you have issues accessing it.
We also have a great guide on how to use Gpedit.msc on Server 2019, so don’t miss it.
For further questions and suggestions, leave them in the comments section below. We’d like to hear from you.
User forum
0 messages