
How do I edit a single user in Active Directory Group Policy?

I have a group policy which applies to all domain users, but now I need to edit that policy for a single user on my domain and am not sure how to do that.
1 Solution
Joseph Daly Commented:
You would want to add that user in security filtering. In GPMC select the GPO you want and go to the delegation tab. Click advanced and then add the user you want to block. Then check the boxes for deny read and apply group policy.
Pber (Solutions Architect) Commented:

Using the GPMC (http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en)
Change the Security Filtering on that GPO from Authenticated Users to only that one user.
That's it.
Do you mean, change the policy but for only 1 person? So all the others get the same settings as before, but this 1 user is different?

That isn't possible, but you can instead just create a new policy with the desired settings for the single user, and use security filtering to ensure this user is the only person it can apply to.

If you just don't want the policy to apply for that user, you can again use security filtering on the existing policy to block it from applying to that user.

Security Filtering is found within GPMC - Click on the policy object, then on the right hand side click the 'Delegation' tab, then select 'Advanced' button in the bottom right corner.

Then just add the user account, and DENY both read and apply rights.

If you need to create a new policy, just ensure that ONLY this particular user has both read and apply rights. Remove the authenticated users group, and you should be good to go.

If you're not sure on any part of that, just let me know with a bit more detail on what you're trying to achieve, and I'll try to explain it a little better...
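
The "new policy filtered to one user" approach described above, scripted with the GroupPolicy PowerShell module as an added example (not part of the original thread). The GPO name, account and OU path are placeholders; the script leaves Authenticated Users with Read instead of removing the group, because since security update MS16-072 user policy is retrieved in the computer's security context and the computer account must be able to read the GPO.

```powershell
# Added example: per-user GPO via security filtering.
# All three values below are hypothetical placeholders.
$GpoName = 'Example - Single User Settings'
$User    = 'jdoe'
$LinkDn  = 'OU=Staff,DC=example,DC=com'   # OU (or domain) that contains the user

Import-Module GroupPolicy

# 1. Create the GPO. Its settings are then edited in GPMC as usual.
$gpo = New-GPO -Name $GpoName -Comment 'Applies to one user via security filtering'

# 2. Give the single user Read + Apply (what GPMC shows under Security Filtering).
Set-GPPermission -Guid $gpo.Id -TargetName $User -TargetType User `
    -PermissionLevel GpoApply | Out-Null

# 3. Lower Authenticated Users from Apply to Read only.
#    -Replace is required when reducing an existing permission level.
#    Read is kept so computer accounts can still fetch the GPO (MS16-072).
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# 4. Link the GPO where the user account lives.
New-GPLink -Guid $gpo.Id -Target $LinkDn -LinkEnabled Yes | Out-Null

# 5. Review the resulting filtering. The Denied column also exposes any
#    Deny entries added through the Delegation > Advanced dialog.
$acl = Get-GPPermission -Guid $gpo.Id -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Denied
$acl | Format-Table -AutoSize

# 6. Flag the GPO if anyone other than the intended user can apply it.
$unexpected = $acl | Where-Object {
    $_.Permission -eq 'GpoApply' -and -not $_.Denied -and $_.Trustee -ne $User
}
if ($unexpected) {
    Write-Warning "Unexpected Apply rights on '$GpoName': $($unexpected.Trustee -join ', ')"
}
```

Running step 5 against the original domain-wide GPO is also a quick way to confirm that a Deny entry for the excluded user is in place.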


The easiest way is probably to make a new OU parallel with the one with the rest of the users and put the "special" user in that OU. Then make the tailored GPO on this OU.

You can also make a sub-OU in the existing OU if you want to apply the GPO to the special user and then add additional settings in another GPO for the sub-OU only.
