This article provides information about item-level targeting of Group Policy preference settings.
Item-level targeting is a feature of Group Policy preferences that allows preference settings to be applied to individual users and/or computers within the scope of the Group Policy Object (GPO) that contains the preferences. Policy settings can also be filtered, but there are several important differences between item-level targeting of preference settings and the filters that can be used with policy settings:
Policy settings within a GPO can only be filtered on an all-or-nothing basis: either the entire GPO will apply to a target or it won't. Item-level targeting allows individual preference settings within a GPO to be applied or not, based on specified criteria. Different preference settings can be applied to different groups of targets.
Policy settings are filtered using either security filters or WMI filters. Security filters are static and not very granular. WMI filters are dynamic and can be very granular, but the WMI Query Language in which they are written is complex and has a steep learning curve. Item-level targeting provides a great deal of granularity and an intuitive user interface for constructing filters.
Item-level targeting allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied to a user or computer object. The conditions in the list are connected by Boolean AND or OR operators. When the list is evaluated, if the result is true, the setting is applied; if the result is false, it isn't.
A wide variety of criteria are available for targeting settings to users and computers, including the following:
User and/or computer name
Security group membership
Operating system version, edition, and service pack level
Date, time and/or day of the week
Presence or absence of a file or folder
Network connection type, MAC address, and/or IP address
The above list is far from all-inclusive. There are 27 types of targeting criteria available as of this writing, and many of the types contain multiple individual items. A complete list of targeting criteria is available in the Preference Item-Level Targeting TechNet article.
To configure item-level targeting, perform the following steps:
In the Group Policy Management Console, open the Group Policy Objects folder and locate the GPO containing the appropriate preference settings.
Right-click the GPO and select Edit.
In the Group Policy Management Editor, locate the preference setting that will have item-level targeting applied.
Right-click the preference setting and select Properties.
In the Common tab of the properties window, check the box labeled Item-level targeting and click the Targeting... button.
The Targeting Editor will open, as shown below.
In the Targeting Editor, click New Item and select the type of targeting item you wish to create from the list that appears.
The resulting options will depend on what type of item was selected. The following example shows the options for targeting based on operating system version:
The menu options in the Targeting Editor are as follows:
Clicking New Item will add another targeting item to the list of conditions. By default, items are joined with a Boolean AND, but this can be changed (see below).
Clicking Add Collection adds a collection to the list. Collections are a means of grouping items logically, much like adding parentheses around a set of conditions. To add an item to a collection, either right-click the collect and select Add Item or drag an existing item into the collection.
The Item Options menu allows you to select whether an item or collection should be connected to the list with an AND or OR operator and whether it should include a NOT operator. You may also add a label to an item or condition using this menu.
Click OK to close the Targeting Editor when done adding items to the list.
The following example shows the flexibility and granularity available in item-level targeting. This particular preference setting will only apply to machines that meet all of the following criteria:
At least 120 GB of free space is available on the system volume.
The machine is a member of the DPYOUNG domain and/or has an IP address between 192.168.242.51 and 192.168.242.100.
The machine's processor speed is at least 2.4GHz.
The machine is not running Windows 7 or Windows Server 2008 R2.
|Need more help?|
|Find additional PowerEdge and PowerVault articles
Watch Part Replacement Videos for Enterprise products
Visit and ask for support in our Communities
Create an online support Request
Article ID: SLN285439
Last Date Modified: 09/28/2018 05:54 AM
Thank you for your feedback.