You can use Active Directory security groups and group policy security filtering if you want to restrict the policies applied to subsets of zone computers or users. By creating an Active Directory security group and setting security filtering for a Group Policy Object, you can achieve fine-grain control over where group policies are applied within the Centrify organizational unit structure. For example, you can create an Active Directory group called
europe that has a specific set of computers in it. then restrict the application of group policies to that group.
To enable security filtering of group policies:
- Create the Active Directory security group with the appropriate members.
- Open the Group Policy Management Console and select the Group Policy Object for which you want to enable filtering.
- On the Scope tab, under Security Filtering, click Add.
- Be certain that ‘Group’ appears in Select this object type; if not, Click Object Types and select Groups.
- Type all or part of the name for the group you created for filtering, click Check Names.
If more than one group is returned, select the appropriate group, then click OK.
Click OK to link the security group to scope of the Group Policy Object.