Authenticated users

Settings inside the Default Domain Policy apply to everyone and everything inside the domain for two reasons. The first is that this GPO is linked to the root of the domain automatically. Based on our Group Policy hierarchical understanding we have already established, you know that this means the GPO will attempt to apply itself to everything listed under that domain tier.

The second is that the Default Domain Policy has Authenticated Users specified inside the Security Filtering section of the GPO settings. If you open GPMC, click on Default Domain Policy, and navigate to the Scope tab, you will see Authenticated Users listed near the bottom of the screen. We haven't discussed Security Filtering yet, because we have Chapter 4, Advanced Filtering of Group Policy Objects, coming up shortly. But for now, you simply need to understand that this specification means that the settings inside the Default Domain Policy GPO are going to attempt to apply to every domain user on every device: