Just a example. We have locked down user with AD group policy no control panel, no run option, no c drive, etc. Now a desktop tech has to come up and work on the end users workstation as the user. We would like to see if there is a command or program they can run that will undo the user policy changes temporarily as the user. That way a desktop technician can troubleshoot the issue as the user.
I found the following and wrapped it up in a batch file, but it doesn’t seem to change the user side of group policies.
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
That resets the operating system back to original installation default security settings.
This arctile describes the full functionality:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222