Would anyone know of a way to prevent a GPO from applying to a specified group or an OU using PowerShell (maybe even using WQL)? We are looking to create a script to add to our automated server build script.
I know that you can accomplish denying GPOs to groups through the GUI in the Group Policy Management Console.
1. Open GPMC
2. Go to the GPO
3. Select the Delegations tab
4. Add the group
5. Click on the Advanced button below
6. Check "Apply group policy" in the "Deny" column
Is there a way to do this through PowerShell? So far I have not found any cmdlets that can help. If not PowerShell, is there a way to script this some other way?
I appreciate the help in advance. Thanks!