Authenticated Users are selected under Security Filtering by default. In most cases you like narrow down the scope to specific user groups. Problem is once you removed Authenticated Users from Security Filtering, users lost link to the group policy. The group policy won't be applied.
To prevent this you need to add Authenticated Users/Domain Computers with read permission under delegation.
- Open up Group Policy Management Console from domain controller by typing gpmc.msc on search field.
- You can add your desired groups under Security Filtering and need to remove Authenticated Users because you don't like to apply it to whole organization.
- Once you removed Authenticated Users, you will see this error message. Simply click OK.
- Go to Delegation tab and click on Add...
- Add Authenticate Users if the policy is for user configuration. Or add Domain Computers if the policy is for computer configuration.
- Set Read permission and click OK.
- Now you need to force the group policy to be applied by this command from command window.
- gpupdate /force
- From client it will be applied after restarting but also you can force to apply by above command from client.
COMMENTS