New to the whole GP thing (i know, terrible). Anyway, just curious how everyone else implements them.

The way I was thinking is configuring BOTH the Computer Configuration and User Configuration and then associating that policy with the devices. Then for admins or whoever, create another policy that "lifts" these restrictions and associate them to the users.

Is this an OK approach? Confused by why there are identical policy settings in the Computer Config and User Config.

Thanks in advance