Link to home
Start Free TrialLog in
Avatar of mrichmon
mrichmon

asked on

Exclude a specific machine from a group policy

We have a group policy object which we want to apply to all machines within an OU except one.  Is there a way (using WMI filters or Deletation or something) to exclude that one specific machine?

We do not want to create a separate OU for that one machine.
SOLUTION
Avatar of cpottercpotter
cpottercpotter
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LauraEHunterMVP
LauraEHunterMVP
Flag of United States of America image
This is a common question - I refer you to the following solution from the PAQ: https://www.experts-exchange.com/questions/22864893/WMI-filter-to-block-policy-based-upon-server-name.html
Avatar of mrichmon
mrichmon

ASKER

>>You can just deny read access to the GPO for that one machine.
That is what I remembered from a class a while ago, but I can't seem to find where to do it.  The article says to right click on the GP object and choose properties, but I don't have that option.

I remembered how to do it.
In the Delegation tab add the computer
Then Choose "Read" from the drop down as the default.  Click OK.
Select the machine from the list
Then click the advanced tab
Select "Deny" next to the "Apply Group Policy"

As a note I am pretty sure that selecting "Deny" for read would do the same thing.  They said in the class you can't apply a GPO that you can't read.