How to exclude a specific user from group policy object (GPO)
HTML-код
- Опубликовано: 12 сен 2024
- In this video, I'll show you how to easily exclude a specific user or group of users from a group policy object (GPO).
When you apply a GPO to an OU it applies to all of the objects in that OU (users or computers). There are times when you need to exclude specific users from a GPO such as your admin users.
The best method to exclude users from a GPO is by creating a group and using the GPO delegation settings to deny access to the GPO.
Complete Group Policy Guide:
activedirector...
GPResult command:
activedirector...
More Active Directory Tutorials:
activedirector...
For some reason I always kept unticking the "read", as some articles keep suggesting that. This worked, thank you.
As an FYI, I had to first disable the linked GPO to the OU to get the affected devices and users to be removed from the GPO after which it worked as intended. The GPO kept sticking around with just the changes mentioned.
How do you apply a specific GPO to only to a specific group and not for the rest of the domain users?
My question is can I deny one specific portion of the GPO from applying but keep the rest for one user/computer. There is one security option I want disabled but the rest to apply.
There is no way to deny a portion of a GPO. You would need to create a separate GPO that disabled the security option.
Hello Sir, can we do the same if we want to exclude a security group (containing service accounts) to be excluded from the default domain policy GPO? Kindly confirm if this is supported action and do attach any reference article from Microsoft. Thank you a lot!!!!
i have the same question
The video demonstrated excluding a security group.
I have a strange situation that I was hoping anyone can resolve. This method works great the first time around, but when I add another user to the GPO Exclusions group that is now in the Delgations tab, it doesn't apply to that user even with a "gpupdate /force" already applied to it. Is there something I'm missing? Do I have to create another GPO Exclusions group for another user or can I use the same GPO exclusion that was created here and just adding another user to that group? I did that but it doesn't work but ironically DOES work for the first user that I had created. Any help is greatly appreciated. Thank you.
1. After you add another user it stops working for both users or just the recently added user?
2. What do you see when you run gpresult /r
Do you see GPO listed under "The following GPOs were not applied because they were filtered out"?
@@ActiveDirectoryPro Hello there, thanks for replying back.
1. It only doesn't work for the newly created user, the other user remains unaffected and works just fine. But the exclusion will not work for the second user.
2. Under the option where it says: "The following GPOs were not applied because they were filtered out" it says: " Local Group Policy Filtering: Not Applied (Empty)" Using these VMs in hyper-v by the way.
thank you
You're welcome
Thanks
Welcome