Firstly - if you are deploying/publishing software packages via GPO - you might well want a different policy for laptops. For example - an app which requires always-on connectivity to your server might not be appropriate for laptops. More likely - there's specific apps you want to have installed on laptops, but not on desktops. 3rd party VPN clients, for example. The other thing you need to bear in mind with laptop policies is that laptops move AD sites, whereas desktops (broadly speaking) don't. Anything which points to a specific server at a specific site might be worth changing for laptops, so maybe it looks for a DFS share? If laptops are to be used in other networks that you don't control - proxy settings delivered by GPO might not be appropriate for them. Although I always tend to have a high level of auditing on any workstation, auditing is especially important on laptops. If one comes to you with a problem, you want to be able to see who's been logging on and with which privs. Some users are sneaky - they get admin on their machines, mess them up a bit, remove themselves from the admins group and claim to the helpdesk that it "just went like that by itself". Hmmm.... sure. It installed Office 2007 Beta 2 all by itself, did it? Let me see.... there's logon events here showing you logging on with various admin privs....