Typically, when Group Policy is applied, it is applied to all computers or user groups or to all users. There are no exceptions. However, if you want to exclude users or individual computers from a Group Policy Object (GPO), there is a method. It will allow you to exclude a single user or computer. Before we start, it works on a Windows 10 computer that is part of the domain. This means that you cannot apply this to the computers you use at home.
Exclude individual users or computers from the Group Policy object
- Select the Group Policy object in the Group Policy Management Console (GPMC) t0 to which you want to apply the exception
- Click on the “Delegation” tab and then click on the “Advanced” button.
- Click the Add button and choose the user or computer you want to exclude from Group Policy application.
- When searching, the user is the default search mode.
- Also go to all searches to list computers.
- You can also add a user group if you want to block a user group.
- Select the user or user group or computer that you added.
- Look for Apply Group Policy in permissions and check Deny. Click Apply and then OK.
- Link Group Policy to a container or organizational unit (if you have not already done so).
Open the command prompt by typing cmd in the Run prompt (Win + R) and launch it using Ctrl + Shift + Enter. It will open a command prompt with administrator permission.
Then enter gpupdateand press the Enter key to execute the command. It will instantly apply the change to the computer, except for that.
It is more or less that.
I hope the message was easy to follow and that you were able to exclude users or individual computers from a Group Policy object.
Make sure to group people together whenever possible, it will be difficult to remember and manage them.
Related reading: How to Apply Group Policy to Non-Administrators Only