I would appreacite your help with security filtering in Windows Server 2012. How would go about allowing RDP access to a just a few workstations on the network. The remote desktop access is disabled and configured in the Default Domain Policy. I was thinking to create a separate OU where I would then create a security group. Then create a GPO and apply it only to the particular OU. However the workstations are already created / added in the main OU and moving them would mess up other policies already applied to them. Can you think of a way how to get around this?