I'd like to have it so that depending on who logs in, certain policies
are applied. Mainly, there should be a difference between users and IT.
However, the IT staff is in the same OU as the users, in most cases.

The goal would be to have the IT policy have nothing disabled, while
the users have many things disabled.

Is it as simple as creating two User policy packages and associating
them appropriately?
Problem that I foresee is, if I associate the "locked down" policy with
"SF.ASB" (the OU of users/IT in Sf), then associate the other policy
package with "Group-IT.sf.asb". What would be the end result? Do both
policies get applied and the most restrictive one wins?

Thanks all
