In an Active Directory infrastructure, we sometimes need to exclude a particular user, computer, or security group from a group policy.
This is a common question among administrators, and I have seen it asked in many forums.
This topic is a step-by-step guide to excluding (denying) a Group Policy Object (GPO) for a certain user, computer, or security group.
1. Log in to a server with administrator privileges.
2. Open the Group Policy Management console from Server Manager > Tools > Group Policy Management.
3. Expand the tree and select the group policy from which you would like to exclude the user or group.
In this demo I am going to use the GPO called Test1.
4. Click on the selected GPO; the right-hand panel lists its settings. Click on the Delegation tab.
5. Click on the Advanced button.
6. In this window, click Add to add the user or group that you would like to exclude.
7. In the permission list, you can see that the new entry has the Read permission by default.
Leave it as it is and scroll down the list to the permission called Apply group policy. Tick its Deny checkbox.
8. Click OK to apply the changes. In the warning message, click Yes. Bala is now excluded from the Test1 GPO.
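To confirm the result of step 8, and to find every other GPO that carries a similar exclusion, the following added example (not part of the original tutorial) reads the GPO's ACL in Active Directory and lists Deny entries for Apply group policy. It assumes the RSAT GroupPolicy and ActiveDirectory modules on a domain-joined machine; the function name `Get-GpoApplyDeny` is hypothetical.

```powershell
# Added example: read-only audit of Deny "Apply group policy" entries on GPOs.
# Assumes the RSAT GroupPolicy and ActiveDirectory modules are installed.
Import-Module GroupPolicy, ActiveDirectory

# rightsGuid of the "Apply Group Policy" extended right in the AD schema
$ApplyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Hypothetical helper name; omit -Name to scan every GPO in the domain.
function Get-GpoApplyDeny {
    param([string]$Name)

    $gpos = if ($Name) { Get-GPO -Name $Name -ErrorAction Stop } else { Get-GPO -All }

    foreach ($gpo in $gpos) {
        # $gpo.Path is the distinguished name of the GPO container in AD
        $acl = Get-Acl -Path "AD:\$($gpo.Path)"

        foreach ($ace in $acl.Access) {
            $isDeny     = $ace.AccessControlType -eq 'Deny'
            $isExtended = ($ace.ActiveDirectoryRights -band $ExtendedRight) -ne 0
            # An empty ObjectType means "all extended rights", which includes Apply
            $coversApply = ($ace.ObjectType -eq $ApplyGpoRight) -or
                           ($ace.ObjectType -eq [guid]::Empty)

            if ($isDeny -and $isExtended -and $coversApply) {
                [pscustomobject]@{
                    Gpo       = $gpo.DisplayName
                    Principal = $ace.IdentityReference
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Check the GPO used in this walkthrough
Get-GpoApplyDeny -Name 'Test1' | Format-Table -AutoSize

# Review every exclusion in the domain
Get-GpoApplyDeny | Sort-Object Gpo, Principal | Format-Table -AutoSize
```

Each principal listed is a user, computer, or group that does not receive the GPO, so on policies that enforce security settings these entries are worth reviewing periodically.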