Hello Stian-3593,
Thank you for posting in our Q&A forum.
Based on the description, you configure the computer group policy settings and link the GPO to computer OU.
I assume:
OU1 with server1 and link GPO1
OU1 with server2 and link GPO2
For GPO1, we can try one of the following two options.
Remove the Authenticated Users.
Add the server1 machine account or the group with server1 machine account.
Give "read and apply GPO" permissions to the server1 machine account or the group with server1 machine account.
Or
Keep the Authenticated Users, but make Authenticated users have only read permission, no apply GPO permission.
Add the server1 machine account or the group with server1 machine account.
Give "read and apply GPO" permissions to the server1 machine account or the group with server1 machine account.
For GPO2, we can try one of the following two options.
Remove the Authenticated Users.
Add the server2 machine account or the group with server2 machine account.
Give "read and apply GPO" permissions to the server2 machine account or the group with server2 machine account.
Or
Keep the Authenticated Users, but make Authenticated users have only read permission, no apply GPO permission.
Add the server2 machine account or the group with server2 machine account.
Give "read and apply GPO" permissions to the server2 machine account or the group with server2 machine account.
Hope the information above is helpful.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.