Exclude One Computer from GPO KB ID 0001852
Problem
You have a requirement that you want one computer (or a group of computers) NOT to have a specific GPO applied. If that is the case, then this is how to simply achieve that goal
Note: The same procedure can be used to Exclude a GPO from one user (or a group of users).
Solution : Exclude One Computer from GPO
Let’s find the computer in question, in my case it’s called PNL-ZERTO-2022, take a note of which OU it is in.
From the Group Policy Management console (on a DC or another machine that has the management tools installed) Locate that OU, you can see that there are some GPOs directly linked to that OU, but to see all the GPOs affecting that OU you need to go to the ‘Group Policy Inheritance’ tab.
On the computer itself i can run gpresult /r and it will show me all the COMPUTER GPOs that are being applied. For this exercise I want to stop the policy called CP-Wireless-Policy applying to this machine.
Back in our Group Policy Management Console locate the GPO in question then under Security Filtering > Add > Add in the computer object (remember computers is not selected by default so you may need to tick the box).
Delegation Tab > Select the computer > Advanced > Select the computer > Tick to DENY full control > Apply > Yes > OK.
Exclude One Computer from GPO : Testing
Before you leave the Group Policy Management console, you can simply create a group policy modelling element that tests the policy you want NOT to be applied, has been Denied.
On your client machine, after a reboot, or a force of group policy, running gpresult /r should show the the CP-Wireless-Policy is no longer being applied.
Exclude one Computer from GPO (GPP)
If you are deploying GPP group policy preferences, then you can also use Item-Level Targeting, and then set the targeting to the computer-name-IS-NOT (so that it applies to all other computer names.
Related Articles, References, Credits, or External Links
NA
