[Updated on Date: 2021-01-29] As you know, GPOs are applying to computers. The most common way to do this is by linking the computer’s GPO to the Computer OU. By default, a policy applies to all computers that contain OU. If there is a specific policy for only a few specific computers, then these computers should be in the Active Directory computer group. In this article, we will learn how to apply Group Policy to a computer in Active Directory. You can visit the packages available in Eldernode to purchase a Windows VPS server. Join us to learn this tutorial.
Table of Contents
Tutorial apply Group Policy to a computer in Active Directory
In this tutorial, we are going to look at how to apply GPO to a computer group in Active Directory. This method is much more efficient than creating a new OU for computers that want to do this.
Apply Group Policy to a computer in Active Directory
In this example, computers are in a domain called asaputra.com, and the domain controller is installed on Windows Server 2012, version R2. All client computers have Windows 10 and are in the Prod OU. A policy called Secured Computer Policy has been created and linked to OU called Prod.
How to filter Secured Computer policy to apply to WKS002 and WKS003
The following step-by-step instructions show how to filter Secured Computer policy to apply to WKS002 and WKS003.
Creating a group
The group should be built in an OU to which the policy is linked. Open OU on the Active Directory Users and Computers console.
Right-click on an empty area of the page and select New >> Group.
Enter the group name.
In the Global Scope section, select Global.
From the group type section, select Security.
Click OK to save the settings and create a group. As shown below, the group must be displayed in OU.
Add target computers as group members
Double-click the group name to open the settings. Select the Members tab and click the Add button.
The following window opens. Click Object Types and make sure Computers is checked.
Now enter the names of the target computers mentioned above with a semicolon (;) to separate them. Then click Check Names. If typed correctly, the names will display as shown below with a dash below them.
Make sure all target computers are members of the group, then click OK to confirm.
Change the GPO security settings
Log in to the Group Policy console. Select the policy you want to change and then enter the Scope tab.
In the Security Filtering section, select Authenticated Users and click Remove.
In the same Security Filtering section, click the Add button.
Enter the name of the group that was created in the previous step. Click Check Names to make sure the typed name is correct, then click OK.
Make sure the group is added to the list.
How to check the policy to apply correctly
We can make sure that the policy is applying correctly. On the client computer, run cmd as run as administrator and enter the command gpresult / r / SCOPE COMPUTER. On computers that are part of the SECURED_COMPUTER group (ie WKS002 and WKS003), you see that the result is applying correctly.
But on a computer that is out of the group, the result shows that no policy has been applied.
Keep in mind that applying GPOs to a computer group is a bit confusing. If you see a GPO that has not been applied to a computer that is a member of the target group, then the computer may not yet have noticed that it is a member of the group. To check your computer membership, use the command above and scroll down to see the information below.
In this article, we tried to fully explain how to apply Group Policy to a computer in Active Directory using images in Windows Server 2012. How to filter Secured Computer policy to apply to WKS002 and WKS003 was also taught step by step. Finally, the results of the work in the CMD environment were evaluated.