Setting GPO security filter with powershell Set-GPPermissions cmdlet
As documented on the page you referenced, the command would replace already existing permissions
of a group "myGroup". It won't replace permissions for a group "Authenticated Users" with permissions for a group "myGroup". Quoting from Technet:
-Replace < SwitchParameter >
Specifies that the existing permission level for the group or user is removed before the new permission level is set.
You'll have to use Set-GPPermissions
to grant permissions to "myGroup" and Set-GPPermissions -TargetName "Authenticated Users -PermissionLevel None
to remove permissions for "Authenticated Users".
I found that it's sufficient to set the Authenticated User permissionlevel to none like this:
Set-GPPermissions -Name "MyGPO" -PermissionLevel None -TargetName "Authenticated Users" -TargetType Group
That removed the "Authenticated Users" security filter.
I think you should have accepted Ansgar's or user1458620's answer; they're correct.Here is a final solution incorporating the same:
$gpo | Set-GPPermissions -Replace -PermissionLevel None -TargetName 'Authenticated Users' -TargetType group $gpo | Set-GPPermissions -PermissionLevel gpoapply -TargetName 'MyGroup' -TargetType group