I am using Group Policy to lock down a group of lab computers. I use both computer and user policies. Each computer in the lab is logging in under the same username. Is there a way to stop specific computers from having the settings applied even if they are logged in under said username?
The reason I ask, is there are changes that I need to make to some machines and they require that I log into the normal lab login, but I do not want to lift the restrictions because the rest of the computers still need to be in use.
If not, I will always have to make changes after hours. Any thoughts?
Is there a way to stop specific computers from having the settings applied even if they are logged in under said username?
Well, wouldn't that defeat the purpose of "securing the machines" if on some specific computers the settings aren't applied (assuming that the test users will also have access to those computers)?
If your main objective is to be able to edit the machines when you want but not be restricted yourself, how about this option: Setup a client-server lab network, setup the user account to be used and place that user account in an organizational unit, then apply the policies that lock down that account to that OU. Then, whenever that account is used to login to the comp, those restrictive policies are applied, but when you login to any comp, the settings aren't applied, and if you want to make changes to the policy, you could do so on the server.
Well, that is how it is currently setup; however, there are times that I need to change settings as that user. The changes will not take effect while logged in as Admin, for instance. The problem is, I want to make the changes during the day while the computers are in use. It sounds like this is not possible?