Although I haven't got an answer to the question of max # of entries, I have fixed the group policy issue we've been having which has led to this question. I already knew from the original warning entry in the Application Event Log when the erroneous change to the group policy first occurred. With this date in hand I was trying to figure out which item level targeting entry in the Group Policy Preferences was erroneous and, since there were 45 of them, was having a hard time finding them. I noticed after exporting the GP report as an XML file that although the GP report doesn't show modification dates for each entry, the XML file does. This is how I pinpointed the erroneous item level targeting entry and found the configuration error.
Is There a Limit to the Number of Item Level Targeting Entries You Can Have in Group Policy Preferences ?
We have a group policy that is reporting the warning below. It concerns adding mainly domain groups into the local administrator group on applicable member servers using Group Policy Preferences. During group policy updates on our member servers, we see this warning. I'm concerned that there is a security risk as some member servers may not be processing this group policy correctly. One possible cause could be the large number of item level targeting entries this group policy has for populating the local admins group as mentioned. Currently we have 45 item level targeting entries. Is this too many ? What's the maximum number of item level targeting entries you can have ?
ProviderName: Group Policy Local Users and Groups
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
06/01/2021 11:59:22 4106 Warning The computer 'Administrators (built-in)' preference item in the 'Tier 1 - Server Platforms Admin and Restrictions {773F2424-D827-4311-9D3E-8A4787E4EDC9}' Group Policy Object did not apply because its
targeting item failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.