Security Filtering is used to apply policy settings to only a particular set of users and computers. By default, all authenticated users will receive the policy settings. To apply the GPO only to a particular set of users and computers, follow these steps:
- In the left pane of the GPMC snap-in, browse to the container and select the GPO
- In the right pane, select the Scope Tab. Under the Security Filtering section, select Authenticated Users and click Remove
- Now click Add to add the security principals to which the policy settings will be applied
Windows Management Instrumentation (WMI) filtering is used to apply GPOs based on certain properties of the target computer. WMI filters can be created based on the target computer’s make, model, operating system, time zone, etc. The following steps illustrate how to create a WMI filter:
- In the left pane of GPMC, browse to the WMI filters container
- Right-click the WMI filters container and select New
- In the New WMI filter dialog box, enter the name and description of the filter. Click Add to enter the WMI query.
For example, the following query filters out computers based on their operating system: “Select * from Win32_OperatingSystem where Caption = “Microsoft Windows XP Professional”. Click Save
- Now choose the GPO for which the WMI filter has to be applied
- In the right pane, select the Scope Tab. Under the WMI Filtering section, choose the WMI filter from the drop down list and click Yes in the confirmation box that appears
Now, the GPO will be applied to only the computers running the Windows XP Professional operating system.