What is GPO Security Filtering and How to Set it Up

Note that you need admin's rights to edit Group Policy settings

Reading time icon 3 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • Group Policy security filtering helps with assigning permissions to GPOs.
  • Linking the GPO to an Organization Unit is a good practice for maintaining the settings.
  • The security filtering allows you to select accounts or devices to apply a particular Group Policy Object (GPO).
Group policy security filtering

The Group Policy security filtering is a feature most Windows users have no idea how it works. It is essential as it offers some filtering options that help keep the device safe. More so, a good understanding of the GPO helps you fix issues with the Group Policy on your PC.

What is security filtering?

Security filtering in Group Policy is an Active Directory (AD) functionality. It concerns the Group Policy Object (GPO) implementation. It allows users to specify accounts or devices to a Group Policy Object (GPO) applies.

Furthermore, Group Policy security filtering helps you limit the clients affected by the Group Policy Object (GPO) settings.

Likewise, it allows you to organize GPO settings impact by delegating Read and Apply permissions to the clients or the group they belong.

Why do I need security filtering?

Using the Group policy’s security filtering offers you many advantages. It reduces the stress of assigning permissions to users or groups in the Group Policy editor.

Some notable reasons why you need security filtering include:

  • You can create Group Policy Objects (GPOs) – To be more precise, it allows Administrators to create Group Policy Objects (GPOs) for a particular Organization Unit (OU) or the entire domain. Then, it only applies the GPO to specific users or clients that are part of the group.
  • Group Policy Object applications management – Group Policy security filtering helps you get past the stress of dealing with authenticated users having insufficient or excessive Group Policy Object applications.
  • Mask or lock a Group Policy Object (GPO) in the Group Policy Repository – With that in mind, it is not accessible to users or groups to see or edit the targeted GPOs.

Depending on how conversant you’re with Group Policy filtering, you can use security filtering to improve your Group Policy.

How do I set security filtering in Group Policy?

Before proceeding with the guide for settings security filtering in Group Policy, take care of the following:

After going through the checks above, proceed with the steps below to set security filtering in Group Policy.

1. Via the Group Policy Management Console

1. Press the Windows + R keys to open the Run app as an administrator.

2. Input gpmc.msc in the Run box and press Enter to open the Group policy management console.

3. Go to the directory containing the Group Policy Object you want to modify and click on it.

click on the directory you want to edit

4. Navigate to the Scope tab and the Security Filtering tab at the bottom of the page.

5. Select the Authenticated users option and click Remove or Add to select users, then the computers to the GPO would be applied.

select authenticated users

6. Go to the Select User, Computer, or Group dialog box, and input the name of the group whose members you want to apply the GPO.

7. Click OK (objects added to the security filtering appear in the Delegations tab. So you can further assign more permissions).

8. Click OK (objects added to the security filtering appear in the Delegations tab. So you can further assign more permissions).

click on group policy object

9. Check the Allow box for the Apply group policy option in the Permissions tab below the Groups or usernames tab.

Checking the box will set the security filtering option and apply it to the selected group or user.

You can set up Group Policy security filtering directly from the Group Policy Management Console. You can access it via the Run dialog.

However, we recommend that users link the GPO to an Organization Unit to fix issues that may impede the application of Group Policy options.

  1. Start your PC and log in with an administrator account.
  2. Click Start, then select the Windows tools option.
  3. Navigate to the Group Policy Management Console (GPMC).
  4. Locate the Organization Unit you want to link to a Group Policy object, right-click on it, and select the Link an existing GPO option.
  5. Navigate to the Select GPO tab below Group Policy Objects, then select the GPO you want to link.
  6. Click OK to save the changes in the GPMC.

Linking the GPO to an OU is one of the Group Policy security filtering best practices users can adopt.

Nevertheless, in a few steps, you can learn how to install Group Policy Editor on Windows Home.

Also, we have a detailed guide on installing the Group Policy Management Console on Windows 11 if you have issues accessing it.

For further questions and suggestions, leave them in the comments section below. We’d like to hear from you.