Question : Blocking group policy for one user

We have recently applied a user GPO to the main OU that contains all of our users. There are some other child OUs under it but the policy is set to inherit from the parent.

We have one user who should not receive the policy. I would like to set it up so that the policy is not applied to him.

What I was thinking was a two step process.
1. First I will create a new ou outside of the OU that is applying the GPO and move his user account into it. This should unlock the settings that are currenlty being applied by the GPO and grayed out.
2. I am thinking that to block his access to receiving the policy I can set a deny read on the policy only for his user account. I have never done this before so Im looking for a little guidance.

Does this sounds like a correct way to go about this? Any other ideas or suggestions.

Thanks

Answer : Blocking group policy for one user

Yes option 2 is known as security filtering and that is all you have to do.
Step 1 -- select the group policy in GPMC, go the delegation tab and select advanced -- see first screen shot
step 2 -- then just select user user and select deny for read and apply group policy -- screen shot 2
Let me know if that helps or if you have any questions
Thanks
Mike

GPMC-Delegation-Advanced.jpg (49 KB) (File Type Details)

Advanced tab

Deny-read-and-apply.jpg (50 KB) (File Type Details)

Deny GPO to user

Random Solutions

ISA 2006 blocks GMAIL

MS Acceess 2002 Dynamically changed listbox

Vista not Browsing but connected

DataGridView AutoResizeColumns() not working with

Archiving Exchange messages in PST files

How do I retrieve text from a website

Rename file with previous weekday's date as the file name

Importing a WAB address book

Excel 2007 VBA - Plot Area size not working

Cisco 1760 router has 2 flash