Wednesday, 10 February 2010

Filtering Group Policy from applying (Windows Server 2008)


In this post I would like to refresh my previous post about filtering group policy from applying. The first post was showing the steps based on Windows Server 2003, now I want the show the same thing but for Windows Server 2008. If you want to know what filtering is used for, please have a look at my previous article. Here I will be showing the particular steps without a lot of explanations.

1) Open your Group Policy Management Console.

2) In the GPMC navigate to the GPO which needs to be filtered out, right click on it and choose Edit.

3) In the Group Policy Management Editor right click on the name of the GPO on top and go to the Properties.

4) In the properties window go to the Security tab, add required user and set Deny on Apply group policy for this user.

That is it, you have just filtered your Group Policy from applying to a particular user.

Thanks for reading.



  1. I did the filtering and the policy still applied to Administrators when I remote logged in. Did I miss anything?

  2. Hi,

    Thanks for your comment.

    Maybe you have missed something, or maybe there are some setting applied by another policy.

    Could you please post your question to this forum:
    In the post, please give as much details as possible, i.e. your OU structure, applied policies, also logon to the TS as administrator and issue gpresult /r command, include the outcome into your post on the above mentioned forum.


  3. One more thing, first of all please try to filter from applying to a User rather than to a Group. When you filter the policy from applying to a Group along with enabling Loopback in that policy, it may cause some unpredictable behaviour.