Group Policy Basics - Part 1.4 GPO Security Filtering and Delegation

Filtering a GPO
Before we go any further, we need to look at two more concepts that will determine whether GPO settings are applied to your client. The first is GPO Filtering. This feature allows further granularity in the way that GPOs are applied in your environment. Even when a GPO is linked within a part of your directory (say, an OU) you may not want that GPO to apply to every object within that container. You can control this by assigning permissions for who can process your GPO. This is known as filtering.
When you filter a GPO, you specifically designate which users, group and computers are allowed to apply a GPO. For example, you may only want the team leads within the Accounting group to get 100 MB of disk space for their disk quota, so you decide to configure a group called Team Leads - Accounting and filter the GPO on that group. If you did this, it would look like the following: