You can decide which groups of computers and users a particular GPO influences . To do this, you use the Security property page of a given GPO to set access permissions (discretionary access control lists , or DACLs) to allow or deny access to the GPO by specified groups.
The Security tab is accessible by right-clicking the root node in the Group Policy snap-in, clicking Properties, and then Security. Or from the Properties page of a given site domain, or OU, select the Group Policy tab, right-click the appropriate Group Policy object in the GPO list, select Properties, and then click Security.
Both Read and Allow Group Policy ACEs are required for a GPO to apply to a group or users in OU.