Looking for a little guidance on this. First some background. All clients are Win 7 Enterprise 64 in a single Active Directory domain. I allow my users to configure their own screensaver settings, but if they log into computers w/in a specific OU, I need the screensaver settings forced to a long delay with no password protection (these are presentation computers for classrooms, conference rooms, and assembly areas).
So I've created a custom GPO and linked it to that computer OU only. It contains user config settings that disable the screensaver password protection option and set the timeout to 4 hours (Admin Templates - Control Panel - Personalization). I also set the loopback merge option for this policy. Basically I only want this policy to affect users who log in here and then I want it to not be applied at all anywhere else. When I log in on a computer within this OU, I get that restriction applied. But when I log back into my office computer, the configuration is still there. If I run RSOP or do a policy result wizard w/in GPMC, everythings shows that this policy is NOT being applied. Yet my screensaver settings are still set according to that GPO and my HKCU\Software\Policies registry still contains the keys/values of the GPO.
I thought that HKCU\Software\Policies was immune to tattooing. Is this tattooing or have I somehow configured this to behave that way and this is actually normal. Either way, I'd appreciate some guidance as to how to get where I need to be. I want to enforce a new policy (not override an existing policy) for all users but only on a sub-OU of my computers. I hope I'm explaining this properly. Thanks in advance for the help!