Would you like to learn how to configure a group policy to ignore a computer account? In this tutorial, we will show you how to configure the GPO permissions to not apply its configurations to a computer account.
• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7
Equipment list
The following section presents the list of equipment used to create this tutorial.
As an Amazon Associate, I earn from qualifying purchases.
Windows Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Windows.
Tutorial GPO - Create an exception to a computer
On the domain controller, open the group policy management tool.
Create a new group policy.
Enter a name for the new group policy.
In our example, the new GPO was named: MY-GPO.
On the Group Policy Management screen, select your GPO and access the Delegation tab.
On the bottom of the screen, click on the Advanced button.
Click on the Add button.
Click on the button named Object types.
Select the Computers type of object.
Search and add a computer.
Select the computer account and deny the permission to apply the group policy.
On the Warning window, click on the Yes button.
In our example, the computer TECH-DC01 was denied permission to apply the GPO named MY-GPO.
Tutorial GPO - Applying the group policy
On the Group policy management screen, you need to right-click the Organizational Unit desired and select the option to link an existent GPO.
In our example, we are going to link the group policy named MY-GPO to the root of the domain.
After applying the GPO you need to wait for 10 or 20 minutes.
During this time the GPO will be replicated to other domain controllers.
Reboot the remote computer and verify if the configuration is ignored.
In our example, the computer TECH-DC01 will not apply the configurations from the GPO named MY-GPO.
