How to: Exclude user or computer from Group Policy
You have created Group Policy with some settings/restrictions but you want to exclude user or computer from applying policy.
In this example Ill show you how to exclude computer from Group Policy, but same procedure can be done for users.
It is recommended to create new GPO for every setting/restriction. If you apply all your settings/restrictions into one GPO it will be very hard to administrate and manage.
I created group “NoUpdates” in Active Directory Users and Computers and added computer called SCSERVER to that group (same computer or user can be member of multiple groups in AD)
Next stop is Group Policy Management | Group Policy Object I created for Windows Update settings is called – Windows_Update | choose Delegation tab |Choose Authenticated Users |click on Advanced button on right bottom of the screen
Click on Add button
Enter name of the group (or user/computer) that you want to exclude from GPO (Ill choose NoUpdates group I created at the beginning of tutorial) |OK
Choose group/user/computer you added and under Permissions tab for setting “Apply group policy” tick Deny |confirm with Apply |OK
If you want to immediately check results enter command gpupdate /force into command prompt (you need to run it as administrator) of the computer that exclusion applies to.
For some GPO settings that wont be enough and you
ll have to restart computer.
In my case – server had automatically scheduled updates installation
After exclusion..
That’s it, exclusion for one computer or user or group works.