question

47451047 avatar image
0 Votes"
47451047 asked FanFan-MSFT answered

How to deny computers in the policy?

Hello. I have a policy for users. How do I exclude some computers?

security filtering - add computer - Apply group policy - deny

Does not work

windows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

Based on my understanding, you don't want the user to apply the user policy when logon to some specific computers, right?
If the computers don't have the read permission on the GPO, then the user will not apply the policy when logon to the computers.

It is suggested:
Removing the authenticated users from the security scope.
Adding the user groups and grant them read and apply group policy permission.
Adding computer groups (don't have the computers you want to exclude) and give only read permission.

Then computers which are not included in the computer group will be exclude.

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnupGhonge-7146 avatar image
0 Votes"
AnupGhonge-7146 answered

@47451047 Along with deny you have to add Authenticated Users as "Read" in delegations.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.