I implemented SRP on a Windows 7 Pro PC that I was logged into as the Local Administrator. In Enforcement I ensured that "All users except local administrators" was selected. I then set the default Security Level to Disallow. At this point I attempted to open Windows Update from the Start menu and was blocked. I ran gpupdate, still blocked. I rebooted the PC, still blocked. I changed the default Security Level back to Unrestricted and was no longer blocked. Why is'nt the "All users except local administrators" enforcement variable working? This is the 9th PC I've setup with SRP, all the same configuration, and all the others work fine. Any ideas?