I have been using Group Policy as a System Admin for many years (back to Server 2003), but I have never had the need to use security filters before now, and I cannot seem to get it to work.
The DC is SBS2011, and I am running GPMC from a Win10Pro machine (but I get the same results if I log in directly to the DC and set it up from there).
I am trying to apply a policy to any user that logs into a single specific machine. The settings are User settings.
I can get the policy to apply to all users on any machine, but I cannot then get the security filtering to work and apply only when a user logs in to the one machine.
The policy is linked to the main users group in AD (the OU is called CompanyName).
I have created a security group (RestrictedInternetMachines) and added the machine to that group.
The scope shows the location = CompanyName, and Security Filtering = Authenticated Users and RestrictedInternetMachines.
Like this, the policy applies to the users regardless of where they log in, and hence applies on their own machines.
If I remove Authenticated Users from the Security Filtering, and add Authenticated Users to the Delegations (Read Permission), then the policy fails to apply anywhere, including on the machine I want it to.
I have tried replacing the security group with the machine name itself - no difference.
I have tried adding 'Apply' permissions to Authenticated Users in Delegations, but this adds that group back to the Security Filtering list, and the settings get applied across all machines.
I must be missing something obvious. From what I have read around the web, I think I am doing it correctly, but obviously not!
Any help is appreciated.