I have a test OU that has a GPO where loopback processing is enabled in computer settings. I have another GPO (user settings) that locks down the system whenever someone logs into a workstation that is in this test OU. I wish to be able to have a certain few individuals, or a group or users, that don't get locked down when they log into these workstations. I currently have Authenticated Users in the security filtering settings of both GPOs. I've tried to create a global security group that contains all users that should receive the locked down desktop, the few users that I don't want to receive the locked down desktop are absent from this security group. I've tried replacing Authenticated users with this group in the hopes that certain people won't receive the locked down desktop, but it isn't working. Can someone please point me in the right direction?