Mastering Windows Group Policy

Authenticated users

Settings inside the Default Domain Policy apply to everyone and everything inside the domain for two reasons. The first is that this GPO is linked to the root of the domain automatically. Based on the Group Policy hierarchy we have already established, you know that this means the GPO will attempt to apply itself to everything listed under that domain tier.

The second is that the Default Domain Policy has Authenticated Users specified inside the Security Filtering section of the GPO settings. If you open GPMC, click on Default Domain Policy, and navigate to the Scope tab, you will see Authenticated Users listed near the bottom of the screen. We haven't discussed Security Filtering yet, because we have Chapter 4, Advanced Filtering of Group Policy Objects, coming up shortly. But for now, you simply need to understand that this specification means that the settings inside the Default Domain Policy GPO are going to attempt to apply to every domain user on every device.

Authenticated Users even includes administrators! This is important to note because you, as the IT admin, are not automatically immune from Group Policy settings, so it is very possible to lock yourself out of functionality that you need in order to do your work. Tread carefully with the Default Domain Policy or any other GPO that filters to Authenticated Users.
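The same Scope tab check can be run across every GPO in the domain from PowerShell. The following is an added example, not code from the book: it uses the GroupPolicy module that ships with GPMC/RSAT, and the function name `Get-AuthenticatedUsersGpo` is a hypothetical helper chosen for illustration.

```powershell
# Added example: list every GPO that is security-filtered to Authenticated Users
# and show where each one is linked. Run from a domain-joined machine with
# GPMC/RSAT installed and read access to the domain's GPOs.
Import-Module GroupPolicy

# Well-known SID for Authenticated Users; matching on the SID avoids
# problems with localized or renamed display names.
$authUsersSid = 'S-1-5-11'

function Get-AuthenticatedUsersGpo {   # hypothetical helper name
    foreach ($gpo in Get-GPO -All) {
        # Security Filtering corresponds to an "Apply group policy" (GpoApply)
        # allow entry; read-only or deny entries do not apply the settings.
        $applies = Get-GPPermission -Guid $gpo.Id -All |
            Where-Object {
                $_.Trustee.Sid.Value -eq $authUsersSid -and
                $_.Permission -eq 'GpoApply' -and
                -not $_.Denied
            }
        if (-not $applies) { continue }

        # The XML report carries the link locations (domain root, OUs, sites).
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        $links = @($report.GPO.LinksTo |
            Where-Object { $_.Enabled -eq 'true' } |
            ForEach-Object { $_.SOMPath })

        [pscustomobject]@{
            Gpo          = $gpo.DisplayName
            Status       = $gpo.GpoStatus
            EnabledLinks = if ($links) { $links -join '; ' } else { '(not linked)' }
        }
    }
}

Get-AuthenticatedUsersGpo | Sort-Object Gpo | Format-Table -AutoSize -Wrap
```

Any GPO in the output whose enabled links include the domain root reaches administrator accounts as well, so review those before changing restrictive settings in them.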