I didn't look far enough down the line. You can apply the user filter to the blacklist policy, but the policy needs computers, and it doesn't appear to get the machines that they are primary on. So it doesn't even return the computers that the users are assigned to (at least for my environment).
So I'm not sure if it will work for you to do it this way, unfortunately.