How to bypass GPO loopback processing for some users?

I think the solution would be WMI filtering (that's how I did it in my place).

You create a WMI filter that catches those workstations you want.
You create a GPO with the user settings only, and with security filtering.
You put the two together, and place the GPO on the users container.

So the WMI filtering specifies the computer it applies to, and the security filtering the users it applies to.

And drop the loopback.
It will give you more headaches than you bargained for, as it doesn't apply only to the specified GPO that it is configured in, but to all policies applied to the computers.

Update
If you have KB3163622 installed on your workstations, you can do the same by using security groups only.
This update changes the way user policies are applied.
From now on, user policies are actually applied under both the computer and the user security context.
So if you put the computers and users you want it to apply to in the security filtering of that GPO, that will do the same trick as the WMI (assuming you're not going for some complex query).
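
The security-group variant described in the update above, as an added PowerShell example that is not part of the original answer. The GPO name, both group names and the OU distinguished name are hypothetical placeholders, and the built-in group is assumed to carry its English name, "Authenticated Users".

```powershell
# Added example: user-settings GPO scoped by security filtering on BOTH a user
# group and a computer group, linked where the user accounts live.
# All names below are hypothetical placeholders; adjust to your domain.
Import-Module GroupPolicy

$GpoName       = 'Kiosk User Settings'           # hypothetical GPO name
$UserGroup     = 'GPO-Kiosk-Users'               # hypothetical: users in scope
$ComputerGroup = 'GPO-Kiosk-Computers'           # hypothetical: workstations in scope
$UsersOU       = 'OU=Staff,DC=example,DC=com'    # hypothetical: OU holding the users

# Create the GPO if it does not exist yet; it carries user settings only,
# so the computer half is switched off.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'User settings, filtered by user and computer group'
}
$gpo.GpoStatus = 'ComputerSettingsDisabled'

# Remove the default "Authenticated Users" entry so that only the two
# groups below are in the security filtering.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null

# Security filtering: the users it applies to AND the computers it applies on.
foreach ($group in $UserGroup, $ComputerGroup) {
    Set-GPPermission -Name $GpoName -TargetName $group `
        -TargetType Group -PermissionLevel GpoApply | Out-Null
}

# Link at the users OU (not the computer OU), once. No loopback is configured.
$linked = (Get-GPInheritance -Target $UsersOU).GpoLinks.DisplayName -contains $GpoName
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $UsersOU | Out-Null
}

# Check: list every trustee that ends up with Apply on this GPO.
Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ Name = 'Trustee'; Expression = { $_.Trustee.Name } }, Permission
```

The final listing should show only the two groups; any other trustee with `GpoApply` widens the scope of the policy.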


A deny ACE for Apply Group Policy permission for the security principals in question (User/Group) on the group policies with the user settings in the computer OU will prevent the user group policies linked at the computer OU from applying.

However, if loopback policy processing is configured for Replace mode, the user group policies that are in scope for the user account location (and not for the computer) will be ignored.