So, we have some servers coming into Wolftech that need to enable "AutoAdminLogon"
This setting is turned off by the Microsoft EC "baseline, best practice" security GPOs applied to the Domain.
Not a problem, right? We just set a GP closer to the servers in question, and since we're cool, we'll filter on group membership so we can pick and choose what machines get this security setting overwritten.