[Updated on Date: 2021-01-29] As you know, GPOs are applying to computers. The most common way to do this is by linking the computer’s GPO to the Computer OU. By default, a policy applies to all computers that contain OU. If there is a specific policy for only a few specific computers, then these computers should be in the Active Directory computer group. In this article, we will learn how to apply Group Policy to a computer in Active Directory. You can visit the packages available in Eldernode to purchase a Windows VPS server. Join us to learn this tutorial.
Table of Contents
Tutorial apply Group Policy to a computer in Active Directory
In this tutorial, we are going to look at how to apply GPO to a computer group in Active Directory. This method is much more efficient than creating a new OU for computers that want to do this.
Apply Group Policy to a computer in Active Directory
In this example, computers are in a domain called asaputra.com, and the domain controller is installed on Windows Server 2012, version R2. All client computers have Windows 10 and are in the Prod OU. A policy called Secured Computer Policy has been created and linked to OU called Prod.
***
How to filter Secured Computer policy to apply to WKS002 and WKS003
The following step-by-step instructions show how to filter Secured Computer policy to apply to WKS002 and WKS003.
Creating a group
The group should be built in an OU to which the policy is linked. Open OU on the Active Directory Users and Computers console.
Right-click on an empty area of the page and select New >> Group.
Enter the group name.
In the Global Scope section, select Global.
From the group type section, select Security.
Click OK to save the settings and create a group. As shown below, the group must be displayed in OU.
Add target computers as group members
Double-click the group name to open the settings. Select the Members tab and click the Add button.
The following window opens. Click Object Types and make sure Computers is checked.
***
Now enter the names of the target computers mentioned above with a semicolon (;) to separate them. Then click Check Names. If typed correctly, the names will display as shown below with a dash below them.
Make sure all target computers are members of the group, then click OK to confirm.
Change the GPO security settings
Log in to the Group Policy console. Select the policy you want to change and then enter the Scope tab.
In the Security Filtering section, select Authenticated Users and click Remove.
In the same Security Filtering section, click the Add button.
Enter the name of the group that was created in the previous step. Click Check Names to make sure the typed name is correct, then click OK.
Make sure the group is added to the list.
How to check the policy to apply correctly
We can make sure that the policy is applying correctly. On the client computer, run cmd as run as administrator and enter the command gpresult / r / SCOPE COMPUTER. On computers that are part of the SECURED_COMPUTER group (ie WKS002 and WKS003), you see that the result is applying correctly.
But on a computer that is out of the group, the result shows that no policy has been applied.
Keep in mind that applying GPOs to a computer group is a bit confusing. If you see a GPO that has not been applied to a computer that is a member of the target group, then the computer may not yet have noticed that it is a member of the group. To check your computer membership, use the command above and scroll down to see the information below.
Conclusion
In this article, we tried to fully explain how to apply Group Policy to a computer in Active Directory using images in Windows Server 2012. How to filter Secured Computer policy to apply to WKS002 and WKS003 was also taught step by step. Finally, the results of the work in the CMD environment were evaluated.
What is a Group Policy or GPMC Management Console?
Group policy management console is one of the features of Windows Server that can be installed through Server manager or using the Install-WindowsFeature GPMC command.
What is the Group Policy Object Editor?
What is Group Policy Management Editor?
The Group Policy Object Editor or GPOE is a tool used to edit the policies of local group computers and users.
What are the differences between GPOE and GPME?
GPME not only includes the Policy Settings node, but also the preferences setting node, which is only available at the domain level. GPME is installed on Vista and later Windows by downloading and installing RSAT tools (Remote Server Management Tool) for each service pack specific to an operating system. On Windows Servers 2008, 2008 R2 and 2012, Group Policy tools can be installed using the Add Features applet in Server Manager.
Template What services do the executable files in the Group policy include?
Administrative templates directly offer settings for many different products and services. For example, Desktop, Event Logs, Power, Printing, and Windows Remote Management are just a limited number of known executable templates that provide us with executable and control features.