I've never seen this before, and hope someone here can help explain this.
The following screenshots were taken on a computer that is not a member of any domain, and therefore not having any Group Policy imposed. The logged in account at the time was the built-in Administrator. The system is running Windows XP SP3.
From secpol.msc
in Security Settings -> Local Policies -> Security Options:
Usually these settings are Enabled or Disabled. I've seen some policies as "Not Defined" before, but that's usually when it is the default for that item. For these, the defaults are Enabled for Administrator and Disabled for Guest. I've never seen "Not Applicable" in a security policy setting, let alone would I expect to see it in one as basic as this.
What could have caused this, and how can I make the policy changeable again without having to re-build or restore from backup?
Interesting. I haven't seen this behavior before, either. I can only find a couple of references from Microsoft in documentation to such behavior (the Windows XP Professional with SP2 Security Configuration Guide and the Windows Server 2003 with SP2 Security Configuration Guide) and the documentation is unhelpful, stating "If this setting is shown as Not Applicable in the Local Security Policy, it may be necessary to right-click the Security Settings node and select Reload in order to refresh the policy settings."
Out of curiosity, what happens when you "Reload" per their instructions?