Group policy settings are an integral part of any Windows-based IT environment. If you are a network administrator you use them to enforce corporate security and desktop management policy, and if you are a user you have almost certainly been frustrated by the limitations imposed by those policies. Regardless of which you are, you should be aware that if the users in your network belong to the local administrator's group they can get around policies any time they want.
There are two steps to circumventing a group policy setting: identifying the setting's location and preventing the setting from being applied.
Read more here on Mark's Sysinternals blog.