Hi Dears, We have a GPO that we want to apply to all our servers except ones in a particular OU. We want all the other policies to apply to this GPO so I don’t want to use Block Inheritance since every other GPO would then have to be manually linked to this OU. Can I enter this OU into the Scope settings for the GPO with a Deny somewhere or anything like that? how’s this? (just an example) 
- I have a bunch of GPOs attached to the Prod OU. Under Prod, there are really 10 OUs, I’ve just shown 3 in the image.
- I want the App and Utility OUs to get all of the GPOs linked to Prod.
- I want the Web OU to get all of them except one specific GPO.
If I block Inheritance on the Web OU, then it doesn’t get ANY of the GPOs at the Prod level and I have to relink them all, and any new ones, in order to keep Web up to date. I’m hoping there’s some way to link the GPO to Prod and simply exclude the Web OU. I don’t want to have to redo our entire OU structure so am trying to work with what’s currently there. Thanks.