When creating policies, you can apply them to a limited number of users or Active Directory groups. When applying a policy to a specific user, consider service accounts that might be required.
For example, if you want to permit iTunes for your C.E.O only, you can add his domain\CEOName to the Policy. However, iTunes also requires additional services to run, that run under the system account. In this case, you would also want to add the SYSTEM account to the Policy.
To apply a Policy to limited users or groups:
- Edit the Policy from the Application Policies or Storage Policies page.
- Scroll down to the "Which users and groups should this policy apply to?"
- Enter the username and select the Add button. When adding a username, you can use wildcards. For example:- *\Administrator.
- If you wish to add an Active Directory group, select the group from the dropdown list and click the Add button.
- Save the Policy and select Deploy Policies.