Trying to get some info on your situation first. AD/GPO c*a*n do q u i t e a lot.
So you are trying to get the remote site to VPN to the home office, then from your site to go surfing. You have T-1s for tie lines. You reference SSL – I assume you are speaking of SSL enabled websites (not SSL VPN).
they can still go direct to internet presently and can access secure websites while local.
If they use a DSL line (home? remote office? home office?) SSL is disabled (?) – do they still have internet?
Remote site tech can SSL from his own, but not from another (as local admin) – is he successful if he logs in as standard user (on either laptop)?