Exclude a specific machine from a group policy

We have a group policy object which we want to apply to all machines within an OU except one. Is there a way (using WMI filters or Delegation or something) to exclude that one specific machine?

We do not want to create a separate OU for that one machine.
Brian Pierce (Photographer) Commented:
Just to expand on what cpotter has said, the process by which you can do this is called group policy filtering and is detailed at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/filter.mspx?mfr=true
You can just deny read access to the GPO for that one machine.
This is a common question - I refer you to the following solution from the PAQ: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22864893.html
mrichmon (Author) Commented:
>>You can just deny read access to the GPO for that one machine.
That is what I remembered from a class a while ago, but I can't seem to find where to do it.  The article says to right click on the GP object and choose properties, but I don't have that option.

I remembered how to do it.
In the Delegation tab add the computer
Then Choose "Read" from the drop down as the default.  Click OK.
Select the machine from the list
Then click the advanced tab
Select "Deny" next to the "Apply Group Policy"

As a note I am pretty sure that selecting "Deny" for read would do the same thing.  They said in the class you can't apply a GPO that you can't read.
Question has a verified solution.
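
A scripted equivalent of the final "Deny" step described in the thread, together with a check that lists which principals are excluded from a GPO this way. This is an added example, not part of the original thread. The GPO name "Workstation Lockdown" and the computer "PC-042" are constructed placeholders, and it assumes the RSAT GroupPolicy and ActiveDirectory modules are installed.

```powershell
Import-Module GroupPolicy
Import-Module ActiveDirectory   # also provides the AD: drive used below

# Rights GUID of the "Apply Group Policy" extended right.
$ApplyGpoRight = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

function Deny-GpoApply {
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [Parameter(Mandatory)][string]$ComputerName
    )
    $gpo      = Get-GPO -Name $GpoName -ErrorAction Stop
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # The permission lives on the GPO's AD object (CN={GUID},CN=Policies,...).
    $path = "AD:\$($gpo.Path)"
    $acl  = Get-Acl -Path $path

    # Deny ACE scoped to the single extended right, for this computer only.
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $computer.SID,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Deny,
        $ApplyGpoRight)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
}

function Get-GpoApplyDeny {
    param([Parameter(Mandatory)][string]$GpoName)
    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop
    # List every principal explicitly denied "Apply Group Policy" on this GPO.
    (Get-Acl -Path "AD:\$($gpo.Path)").Access |
        Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.ObjectType -eq $ApplyGpoRight -and
            ($_.ActiveDirectoryRights -band
                [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
        } |
        Select-Object IdentityReference, AccessControlType, IsInherited
}

# Constructed placeholder names; replace with your own GPO and computer.
Deny-GpoApply    -GpoName 'Workstation Lockdown' -ComputerName 'PC-042'
Get-GpoApplyDeny -GpoName 'Workstation Lockdown'
```

Running `Get-GpoApplyDeny` across security-baseline GPOs is a quick way to find machines that were quietly exempted, since these exclusions do not show up in the OU structure.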
