How do I block inheritance/application of a single GPO?

windows active-directory group-policy

Solution 1:

Add the specified machines to an Active Directory Security Group and add the Group to the GPO with a "Deny" for "Apply Policy" (Don't fall for doing a full deny as it will stop the GPO name from enumerating, making troubleshooting difficult). Then, add the machines to that Group as required.

Solution 2:

Simply use the "Apply to All users except local administrators" setting in the Software Restriction Policies Enforcement... you don't let all your users run as Administrator... do you???

Software Restriction Policies

As an alternative, perhaps you could define the Software Restriction Policies in the User Configuration portion of the GPO, then use Security Filtering to allow that GPO to only apply to a particular security group of users.

Related

Why might the Jenkins user not have permission to access the Docker unix socket?
No space left on device after growing filesystem
SAN with a few SSD drives, or lots of old fashioned HDDs?
Postfix Recipient address rejected: Access denied Error
Ansible: a host appears in more than one group, and both groups have the same tasks in them; any way to run tasks once?
What does MX in SPF mean? [duplicate]
Backup of running KVM qcow2 VPS
Best choice for NTP client configuration
Where does finger connect to by default?
Can't open and lock privilege tables: Table 'mysql.user' doesn't exist - Trying to run second instance of myslq
using flock with cron
Remove reboot request for DISM