We are running Windows 2003 AD. Our domain has multiple OU's...most users are in Company > HQ > Users.
There is a GPO I want to apply to only one user in the Users OU. This should not affect any other users. This GPO will contain one setting that we want to apply to this special user.
I was thinking of creating a GPO with this setting, GPO1, and also an AD security group, named Group1. I would then add this user to Group1.
Then, within the GPO, go to Security Filtering, and set it so that it is only applied to Group1. All other GPO's are applied to Authenticated users.
I would then move this GPO to the top of the list (Link Order 1) for the Users OU, so that it was was the most important.
Does this sound about right?