Ok the problem i am having is with giving user accounts logon rights to my servers. I have tried adding a GPO at the site, domain and ou levels and cant get these settings applied. The only way i can get them to work is if i put them in the local policy of each machine.
The Settings are: Computer Configuration/Windows Settings/Security Settings/Local Policies/User Right Assignments:
Allow Logon Locally
Allow Logon Through Terminal Services
I add the group i want to be able to logon to these groups but when i try to logon they still dont have the rights to do so. I added a 3rd setting to the GPO to add the shutdown button to the logon screen and rebooted the machines and that part of the GPO is working. I dont recall any limitations on where to place local policies to make them work and this should be the only GPO with defined settings in the forest atm. If anyone knows what im doing wrong please feel free to tell me.