See the article below with a problem very similar to yours, I believe it can help you
--If the answer is helpful, please vote positively and accept the answer--
I have created a Group Policy to install a piece of software to a particular group of users in a security group (MyGroup). The installation is set up in the policy under [User Configuration -> Policies -> Software Settings -> Software Installation].
The policy is scoped to the top of my domain, and there are no OU's not getting inheritance as far as I can tell. Under Security Filtering, I have MyGroup listed, and nothing else.
Under the Delegation tab, MyGroup has Read and Apply rights checked. I also added Authenticated Users as Read only.
When I do Group Policy Modeling using a user in MyGroup with a particular computer (MyComputer), the GPO is listed as a Denied GPO due to "Access Denied (Security Filtering)".
Then I added MyComputer under the GPO Delegation tab. If I give MyComputer Read only, it doesn't help. If I give MyComputer Read and Apply, then the policy applies successfully. Unfortunately, if I do Group Policy Modeling on MyComputer with a user who is not in MyGroup, the policy also applies (which it should not).
I'm not understanding what's going on and I'm not sure how to proceed. Any assistance would be appreciated.