Security Group Targeting

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

A Security Group targeting item allows a preference item to be applied to computers or users only if the processing computer or user is a member of the group specified in the targeting item and optionally only if the specified group is the primary group for the processing computer or user. If Is Not is selected, it allows the preference item to be applied only if the processing computer or user is not a member of the group specified in the targeting item and optionally only if the specified group is not the primary group for the processing computer or user.

Important

Group

Primary group

If you select this check box, the targeting item processes the associated preference item only if the specified group is the primary group of the processing user.

Note

This option is disabled when Computer in group is selected.

User in group

If selected, the target item processes the associated preference item when the processing user is a member of the group specified in Group.

Note

This option is disabled in computer preference items.

Computer in group

If selected, the target item processes the associated preference item when the processing computer is a member of the group specified in Group.

Supported groups

Domain groups:

  • Global groups

  • Universal groups

Local groups:

  • Local groups (including built-in groups)

  • Domain local

  • Well-known

Additional considerations

  • Security Group targeting items use the group's security identifier to determine group membership and not the display name of the group.

  • To reposition a targeting item within the list of targeting items that you have applied to a preference item, either drag the targeting item to a new position, or select the targeting item and then click the Move Up arrow or Move Down arrow.

  • Preference items are available only in domain-based GPOs.

Additional references