![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hello Aakarsh Gupta
When using Group Policy, security filtering and delegation must be handled carefully to avoid unintended behavior. If you deny “Apply Group Policy” to a group or user that’s also part of the “Authenticated Users” group, it can cause the policy to become ineffective or appear as “none” in the settings view. This is because denying permissions at the security filtering level overrides any allow entries, and if the remaining filter doesn’t resolve to any valid target, the GPO won’t apply.
Adding a single user and denying “Apply” can also break the filtering if that user is part of a broader group like “Authenticated Users” — the conflict causes the GPO engine to skip processing. A better approach might be to create a new group that includes all intended users except the IT admins, and use that group in the security filtering instead of relying on exclusions.
I hope this helps clarify the behavior. If you found this answer useful, feel free to hit “Accept Answer” so others can benefit too 🙂.
Harry.