Make an exemption to a single user with GPO?

Make a new OU and set a policy to that OU that do what you want. Even if it is one user today you do not know if there will be more users tomorrow

the best way to do this is not to "apply" the GPO setting in the GPO managment tool, go to the advanced settings to do this. So just add that user directly and remove that atribute and maybe ever "deny" the "apply" and it will keep it from applyoing to there account. Joe is correct to and make a new OU but depending on your organization that might not be a viable option.

T

It is always a good thing to be consistent when working with GPO's. If you make exceptions from a rule then you will soon find yourself in a mess since you do not know why a user has a problem. Therefore I recomend that you follow the same procedure to make exceptions as when your apply a rule, that way you have a consistent structure and it is much easier in the long run to make changes. As a rule of thumb you should try to never use deny in a GPO if it is possible to accomplish it in another way. I am saying this from experience, and I am sure that there are those that do not agree with me but still this is my opinion

So Joe, you would say to simply make a OU named something like "Logon Name Removed" or something, backup the current GPO, Restore to a new one in the new OU, make that single change to it, and move the user into it?

Sounds fine to me :-)