We have recently applied a user GPO to the main OU that contains all of our users. There are some other child OUs under it but the policy is set to inherit from the parent.
We have one user who should not receive the policy. I would like to set it up so that the policy is not applied to him.
What I was thinking was a two step process.
1. First I will create a new ou outside of the OU that is applying the GPO and move his user account into it. This should unlock the settings that are currenlty being applied by the GPO and grayed out.
2. I am thinking that to block his access to receiving the policy I can set a deny read on the policy only for his user account. I have never done this before so Im looking for a little guidance.
Does this sounds like a correct way to go about this? Any other ideas or suggestions.