Note: A common mistake here is to remove “Authenticated Users” directory from the Security Filtering section on the Group Policy Object.
DON’T DO THIS!!!
You should never do this. This can cause “Inaccessible” (see image below) error messages on Group Policy Objects in the Group Policy Management Console for anyone who is not an Domain Administrator. This happens because the ability for the user to read contents GPO has been removed. Don’t worry this does not mean the policy will be applied to that user.
Step 1. Select the Group Policy Object in the Group Policy Management Console (GPMC). Then click on the “Delegation” tab and then click on the “Advanced” button.
Step 2. Select the “Authenticated Users” security group. Then scroll down to the “Apply Group Policy” permission and un-tick the “Allow” security setting.
Note: That the “Allow” permission for “Read” still needs to remain ticked. As this prevents the Inaccessible message as mentioned above.
Step 3. Now click on the “Add” button and select the group (recommended) that you want to have this policy apply. Then select the group (e.g. “Accounting Users”) and scroll the permission list down to the “Apply group policy” option and then tick the “Allow” permission.
This Group Policy will now only apply to users or computers that are members of the Accounting Users security group. The user and/or computer must be located under the scope of the GPO for the policy to be applied.