Заметки сисадмина » How to: Exclude user or computer from Group Policy

Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

How to: Exclude user or computer from Group Policy

2021-11-23 · Posted in Active Directory

You have created Group Policy with some settings/restrictions but you want to exclude user or computer from applying policy.

In this example Ill show you how to exclude computer from Group Policy, but same procedure can be done for users.

It is recommended to create new GPO for every setting/restriction. If you apply all your settings/restrictions into one GPO it will be very hard to administrate and manage.

I created group “NoUpdates” in Active Directory Users and Computers and added computer called SCSERVER to that group (same computer or user can be member of multiple groups in AD)

Next stop is Group Policy Management | Group Policy Object I created for Windows Update settings is called – Windows_Update | choose Delegation tab |Choose Authenticated Users |click on Advanced button on right bottom of the screen

Click on Add button

Enter name of the group (or user/computer) that you want to exclude from GPO (Ill choose NoUpdates group I created at the beginning of tutorial)  |OK

Choose group/user/computer you added and under Permissions tab for setting “Apply group policy” tick Deny |confirm with Apply |OK

If you want to immediately check results enter command gpupdate /force into command prompt (you need to run it as administrator) of the computer that exclusion applies to.

For some GPO settings that wont be enough and youll have to restart computer.

In my case – server had automatically scheduled updates installation

 

After exclusion..

 

That’s it, exclusion for one computer or user or group works.

Leave a Reply