Apply a GPO to an Active Directory Group

Introduction

In this article, I will explain how to apply a Group Policy (GPO) to an Active Directory group that contains multiple users.

The tutorial also applies in case you want to apply the policy to a particular user.

Prerequisites

  • Have created the Active Directory group
  • Having created the strategy
  • The policy must be correctly placed either at the root of the domain or at the OUs where the users are, not the group.

Apply a strategy to a group

The first step, from the Scope 1 tab of the policy in the Security Filtering 2 section, is to delete the Authenticated Users object and add the group 3 to which the GPO applies.

gpo groupe

Now you have to add read rights to the policy to the Authenticated Users object, go to the Delegation tab 1 and click Add 2 .

Select / Add the object Authenticated Users 1 and click OK 2 .

Add object

Choose the Read permission 1 and click OK 2 .

Read

The Authenticated Users object is added with read permission on the policy.

Conclusion

Prior to the MS16-072 update, it was not necessary to add the Authenticated Users object with Read permission on Group Policies, it was sufficient to add the group in the security filtering.