This is apparently computer specific and not related to the user. Local security policy is overridden by group policy settings applied for the active directory site. But even those settings can be overridden by group policy settings applied for the active directory domain of which the computers are members. I would go to the computers that are giving you trouble and view their resultant set of policy(RSoP) to find the problem.
I am the "unofficial" network administrator for my school's EAST lab. (eastproject.org)
To increase productivity, I have been forced to put certain restrictions into effect, through Active Directory. (Block certain EXE's, disable changing wallpaper, etc.)
However, it doesn't seem to be working.
A user, let's call her "Yuki," would log onto computer X, and have the restrictions in effect. Another user, "Gomez," would log onto computer Z. The restrictions would not be in effect for Gomez, on computer Z.
The next day, Yuki and Gomez would swap computers, for an unknown reason. (They seem to like having their "own" computers, and "stealing" the computers of others. ) Yuki would log onto computer Z, and Gomez on X. The restrictions would be in effect for Gomez, but not for Yuki.
I have tried rejoining the defecting computers to the domain, EASTLAB, but that didn't seem to work.
The server is running Windows 2000 Server, SP4.
The user's computers are running Windows 2000, SP4. There are a few WinXP SP2 user computers, but the problem doesn't seem to correlate with the OS.
Any and all help is appreciated.