I have a very particular DLU environment I'm trying to create and I am a little lost in the logic.

We are a school district and hand out notebook computers to our teachers. These notebooks receive device assigned policies for both DLU and Windows Group Policy rights. They pretty much receive full Administrative rights on these machines and can do whatever they please. Their user profile is also Non-Volatile and never deletes itself from their laptops.

However, when a teacher logs into a desktop within our district they receive a User assigned DLU with User run level rights and are restricted based on GPO settings.

Students are Volatile users and I have a User Exclusion rule on the notebook DLU that restricts all student users from logging into teacher assigned notebooks.

This all works just fine, but now I need to throw a curve ball into the whole situation...

I need to allow students (who use a restricted user assigned Volatile DLU) to log into teacher laptops. I do NOT want students to be receiving the device assigned policies, because then it would save their user profiles to teacher notebooks.

How can I do this? Would a Workstation Inclusion rule on the Student DLU have any effect?