Hi,
Regarding your first question, we’d better confirm the difference between Computer Configuration and User configuration. Computer Configuration in Group Policy is applied to computers, regardless
of who logs on to the computers. User Configuration in Group Policy is applied to users, regardless of which computer they log on to. If we set the settings collide with each other in Computer Configuration and User Configuration in one GPO, the Computer configuration
will override the User Configuration. For details, please refer to the following article.
http://www.theeldergeek.com/gp06.htm
Computer Configuration
http://technet.microsoft.com/en-us/library/cc736413(v=ws.10).aspx
User Configuration
http://technet.microsoft.com/en-us/library/cc781953(v=ws.10).aspx
Regarding the second question, maybe you have misunderstand what does “Password never expires” mean. This setting means that the system will not force you to change your password when the "Maximum
password age" is reached. Regardless of whether or not the password expires or not, it can still be locked through multiple attempts to login that fail.
As we know the Account Policies settings in Group Policy are all applied at the domain level and each Windows Server 2003 domain can have only one Account Policies setting. The Account Policies setting must either be defined in the Default
Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy. If you do not want to apply the password policy to Domain Admin group, maybe we could try to create a new GPO with Password Policy
configured and link it to the domain, then we could try to limit the scope of the GPO use Security Filtering.
Security filtering using GPMC
http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
Regarding the last question, if we want to make USB devices read only via Group Policy. I suggest we could refer to the following article.
How can I prevent users from writing to USB removable disks (USB flash drives) by using Group Policy (GPO)?
http://www.petri.co.il/disable_writing_to_usb_disks_in_xp_sp2_with_gpo.htm
Best Practice: How to use Group Policy to make USB drives read only on Windows XP
http://www.grouppolicy.biz/2010/02/how-to-use-group-policy-to-make-usb-drives-read-only-on-windows-xp/
Best Regards,
Andy Qi
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback
on our support quality, please send your feedback here.