I read a really interesting thread on the Focus on Microsoft mailing list. A list member said his users found a way to bypass Group Policy so that they could install unauthorized software on their machines. What the users did was to enter their login credentials, an as soon as they authenticated to the domain they would unplug the network cable so that group policies weren't downloaded onto their machines. This effectively let them bypass restrictions.
The solution to the problem seems simple enough. Another listed member pointed out that to mitigate the problem a couple of simple tweaks can be performed. Administrators can set the logon policies to always wait for the network at computer startup and logon, which makes the logon process a bit slower, but eliminates the problem of users bypassing group policy. Another helpful setting is to enforce a policy refresh every so many minutes in case users find ways to modify policies.
