I'm looking for a way to set a GPO so that it will only apply if BOTH the user and the computer are in the scope.
I need to restrict internet access on certain computers from most users. The reason is that these users should be allowed access to the internet on computers that will be supervised, but not on computers that will not be supervised. However, I also want a user group that is unrestricted on all computers.
What I've found is that if I use the User Group Policy Loopback Processing Mode to apply user configurations to computers, I have to scope both a user and a computer. Unfortunately this also applies the proxy settings to the user in the scope while they are using other computers as well as other users on this computer.
Do an explicit deny policy to the user group that you don't want the policy applied to. This would keep that group from applying that policy and the user Loopback processing should set the permissions you want.