I have several policies in place, but the one thats bugging me is the ability to log onto terminal servers.
This is defined at Domain level for Domain Admins (myself) to be able to log into terminal services. All other policies below this one are DENIED as being applied to Domain Admins. When I reach my member server policy, even though it is DENIED as being applied to me, I cannot access my terminal server unless I add domain admins in again to the highest-ranking GP (the terminal servers policy). This shouldnt be the case - it should be cumulative as domain admins are applied the right to log on at the domain level policy, and no other policies are applied to Domain Admins.
Any assistance greatly appreciated.