I've created a GPO in SBS 2008 that deploys and updates software. Unfortunately, one of our VPN users lives out in the sticks and has severe latency, so the start up processes and updates time out and take an awfully long time, if they ever complete at all.
I'd like to apply this GPO to all auth'd users except for him, without having to create a new custom user group. Any thoughts?
You could name the user in the "Security" on the GPO with "Apply Group Policy / Deny" permission. It's not really good form to name an individual user in permissions, ever, but you could do that. Edit the GPO, right-click the top-most node in the left pane of the GPO editor, choose "Properties" and go to the "Security" tab.
(I won't get preachy in this email, but I will say that you shouldn't be adverse to creating security groups, even if they're just for a single user. Security groups will save you lots and lots of time when turnover occurs and you have to give the replacement employee the "same rights" as the person they're replacing...)