It's me again. Another issue, which should be quite simple...
In my domain I created an OU with one Security Group in it. In this Security Group I have a bunch of members. I slapped a User Config'd GPO to this OU and linked it. Running the simulator on the OU, I see it applying the Default Domain Policy and the GPO, which is great, but RSOP on the client doesn't reflect the GPO settings.
Now, the members in this Security Group are also members of Domain Users, Everyone, Users, and probably Authorized Users. Could this be the problem?