Would you like to learn how to configure a group policy to ignore a user account? In this tutorial, we will show you how to configure the GPO permissions to not apply its configurations to a user account.
• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7
Equipment list
The following section presents the list of equipment used to create this tutorial.
As an Amazon Associate, I earn from qualifying purchases.
Windows Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Windows.
Tutorial GPO – Create a user exception
On the domain controller, open the group policy management tool.
Create a new group policy.
Enter a name for the new group policy.
In our example, the new GPO was named: MY-GPO.
On the Group Policy Management screen, select your GPO and access the Delegation tab.
On the bottom of the screen, click on the Advanced button.
Click on the Add button and enter a user account.
Select the user account and deny the permission to apply the group policy.
On the Warning window, click on the Yes button.
In our example, the account USER01 was denied permission to apply the GPO named MY-GPO.
Tutorial GPO – Applying the group policy
On the Group policy management screen, you need to right-click the Organizational Unit desired and select the option to link an existent GPO.
In our example, we are going to link the group policy named MY-GPO to the root of the domain.
After applying the GPO you need to wait for 10 or 20 minutes.
During this time the GPO will be replicated to other domain controllers.
Reboot a remote computer and verify if the configuration is ignored by the excluded user account.
In our example, the account USER01 will not apply the configurations from the GPO named MY-GPO.
