Impact of GPO during logon

[Marlon Brown]

If I want to apply a certain group policy that maps a drive to a certain
path upon user login, and I apply that GPO on the root domain and target
only members of a SpecificGroup, that GPO will not be processed or impact
login performance for users that are non members of that group, right ?
Just wanted to confirm because I receive too many requests to map drives
based on group membership and I wanted to make sure that is viable.

 

[Simon Geary]

That's the right idea but you should not apply the group policy at the
domain level. MS recommend not applying any other GPO at domain level apart
from the Default Domain Policy, although it will still work if you do. (I
don't know why they make this recommendation, but they do. Does anyone else
know why?)

If you remove the authenticated users group from the GPO permissions and
assign your groups the read and apply group policy permissions that will do
the trick.

 

[Jim Singh]

If you want to apply a GPO to a group of users, you can alternatively add
them to an OU and apply a GPO with specific read/apply permission applying
only to those users and can explicitly deny the read/apply perm to
authenticated users. Microsoft do not recommend to modify the default domain
policy, how ever you can have another policy at domain level if you think
that the change needs to flow down to every down level object. Remember that
a GPO with hundereds of entries modified will take longer time for
processing than if you were to have the same settings divided up into
multiple GPOs.

-Jim