1. First you need to find the GPO GUID
To find the GUID, connect to a DC and open Active Directory PowerShell:
Get-GPO -All | Select-Object DisplayName, Id | Sort-Object DisplayName > c:\gpo.txt
2. Find the GPO in Active Directory with an LDAP search
That GUID is an attribute on an object in Active Directory, so you can query for it:
(&(objectCategory=groupPolicyContainer)(name={D45A4D0F-77BE-4116-9F5B-CF96E81D2DDC}))
3. Right-click the GUID – Properties – Security
4. Advanced
5. Add the user/group
6. Deny on – Apply Group Policy
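
To confirm the result of the steps above, the following added example (not part of the original page) resolves a GPO by display name, runs the same LDAP filter, and lists every Deny entry for Apply Group Policy on that object. The function name Get-GpoApplyDeny and the GPO name 'Example GPO' are hypothetical; the GroupPolicy and ActiveDirectory modules (RSAT) are assumed to be installed.

```powershell
# Added example, not from the original page. Requires the GroupPolicy and
# ActiveDirectory modules (RSAT) and rights to read the GPO's permissions.
Import-Module GroupPolicy, ActiveDirectory

# Well-known rightsGuid of the "Apply Group Policy" extended right
$ApplyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

function Get-GpoApplyDeny {
    param(
        [Parameter(Mandatory)]
        [string]$DisplayName      # GPO display name, e.g. taken from c:\gpo.txt
    )

    # Step 1: resolve the display name to the GPO GUID
    $gpo  = Get-GPO -Name $DisplayName -ErrorAction Stop
    $guid = $gpo.Id.ToString('B').ToUpper()      # "{XXXXXXXX-...}" form

    # Step 2: same LDAP filter as on the page, with the resolved GUID
    $filter = "(&(objectCategory=groupPolicyContainer)(name=$guid))"
    $gpc = Get-ADObject -LDAPFilter $filter -Properties nTSecurityDescriptor
    if (-not $gpc) { throw "No groupPolicyContainer found for $guid" }

    # Steps 3-6 check: keep only Deny ACEs scoped to Apply Group Policy
    $gpc.nTSecurityDescriptor.Access |
        Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.ObjectType -eq $ApplyGpoRight -and
            ($_.ActiveDirectoryRights -band
             [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
        } |
        Select-Object @{n='GPO';  e={$gpo.DisplayName}},
                      @{n='Guid'; e={$guid}},
                      IdentityReference, IsInherited
}

# 'Example GPO' is a placeholder; replace it with a real display name
Get-GpoApplyDeny -DisplayName 'Example GPO' | Format-Table -AutoSize
```

An empty result means no user or group has an explicit Deny on Apply Group Policy for that GPO; a Deny on Full Control is a separate entry and is not matched by this filter.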