Let's explore just one more sample policy inside Computer Configuration, before we change gears and look at the user side of things. If you remember way back to the beginning of our book, you know that each computer has the Local Group Policy settings that can be configured without any domain or Active Directory Group Policy configured. Does anybody ever actually use Local Group Policy? Sure, small environments do. Maybe you have acquired a new company and all of their computers are littered with local policy settings. Or perhaps you have some employees with a propensity to tinker with things, and they have some knowledge in this department. It would be pretty easy for them to dive into their local policy settings to configure their computer in ways that you, as the AD administrator, may not wish to support.
Whatever the reason, it is sometimes necessary to disable Local Group Policy settings from taking effect. Thankfully, this is very easy to do with an Active Directory Group Policy setting:
Computer Configuration | Policies | Administrative Templates | System | Group Policy | Turn off Local Group Policy Objects processing
Simply configure this setting to be Enabled, and all Local Group Policy Objects that might be present on the workstations will be blocked from being applied. As seen in the description of this setting, those computers will not process or apply any local GPOs:
Some folks utilize this setting as a standard practice (even if your machines do not have any local policies), to speed up the Group Policy processing cycle. If you know with certainty that you never want Local Group Policy settings to work on your computers, configure this and the machines won't even attempt to look at local policy settings, allowing that processing time to be better utilized on processing Active Directory Group Policy Objects.