Group Policy and Dual-Purpose Computers
Say you have some computers that are used by employees during daytime work hours and for training classes during evenings and weekends. How should you secure this environment using Group Policy? The simplest way is to try to exclusively use user policy settings for this purpose and not machine policy settings. That way, you can configure a looser set of user policy settings for employees that allows them to do their work, and a tighter set of user policy settings for students to lock down what they can do. Since there’s actually quite a bit of overlap between user and machine policy settings (at least as far as registry settings under Administrative Templates are concerned) this approach is often workable.