When you apply a group policy on a container or OU, it applies on all users or computers in that container. However, you can exclude a single or multiple users or containers from the policy applied. This tutorial is written to show you how to exclude a single user from a group policy object.

Exclude a user from group policy object

Step 1. Open server manager dashboard. Click Tools -> Group policy management

Step 2. In the group policy management editor, open the group policy object you want to apply an exception on (Located in Group Policy Objects).

Step 3. Click Delegation tab -> Advanced

Delegation advanced settings

Step 4. Click Add and choose the user whom you want to exclude from group policy enforcement.

Step 5. Choose the user you entered in step 4.

Step 6. Locate Apply group policy in permissions and check mark deny.

Apply policy and group permissions

Step 7. Click Apply and then OK.

Step 8. Link the group policy to a container or OU (If you haven't done already).

Step 9. Execute gpupdate on the command prompt.

How to Exclude a User or Computer from Group Policy Object
Avatar

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn

9 thoughts on “How to Exclude a User or Computer from Group Policy Object

  • Avatar
    December 5, 2018 at 5:51 am
    Permalink

    that was awesome, thanks alot

    Reply
  • Avatar
    December 24, 2018 at 4:00 pm
    Permalink

    Thank’s
    Very helpful article.

    Reply
  • Avatar
    December 14, 2019 at 8:52 am
    Permalink

    I think it just works on user configuration, my problem is computer configuration. is there any way to exclude one or some computers in a UO from the policies that made just for computer configuration?

    Reply
    • Avatar
      January 25, 2020 at 12:08 am
      Permalink

      When you get the box to select the object, by default Computer accounts are not valid targets. You have to press the “Object Types…” button and add Computers as an option.

      Reply
  • Avatar
    March 17, 2020 at 1:59 pm
    Permalink

    Perfect!!! I have been doing wrong for a long time because no one else bothered to show me the correct way. Thank you for writing this!

    Reply
  • Avatar
    April 15, 2020 at 5:34 pm
    Permalink

    This is exactly what I needed. Thanks!

    Reply
  • Avatar
    May 19, 2020 at 11:01 am
    Permalink

    Hello, thank you for this article, it is really good. I linked the policy to a OU and I have another policy there, mapping drives. The person that I Excludet with Deny had his home drive locket. Does the policy with the Deny have affect on other policys that is on the OU ?

    Reply
  • Avatar
    May 26, 2020 at 6:15 am
    Permalink

    Nice set out straight forward instructions, cheers

    Reply
  • Avatar
    July 8, 2020 at 10:27 pm
    Permalink

    Hello

    Is there an way to exclude the sub OU ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*