Block Group Policy on a User only on a particular machine - easier way?
We're trying to figure out a way to block a particular group policy object from applying to a particular machine only when a particular user logs on to it (too many particulars??!). We've figured ways of doing it by moving users into different OUs or outright denying them the 'apply group policy' permission on a GPO but would much prefer a more viable solution.
So for example, we have a Staff Redirection Policy in a GPO purely dedicated to the User Side. We want that GPO to apply to Joe Bloggs where-ever he logs on, unless he logs on to a client called 'joe-client'. I've tried denying the client the apply permission but that just stops it applying the computer side of a GPO as opposed to the User side which is no good.
Does anyone have any ideas?