I've spent the past 40 hours trying to figure out what's causing this, so far no luck, I've head dozens of articles & different questions of this topic and not a single one has helped with this... Just showing the problem isn't going to help because I've done the same as everyone else, so I'll try to explain what I've done so if maybe I've missed something then someone can point it out.
I make a new Organizational Unit called "Staff" under my forest.
Then I make a security group called "Managers" & add a user under this group called "Ty".
Then I go to the "Group Policy Management" tool (gpmc.msc).
I right click the "Staff" unit, then "Create a GPO in this domain, and link it here" called "Manager Policy".
I click the new GPO, go to the Delegation tab, select advanced, then select "Authenticated Users", I keep read on but remove the tick from "Apply group policy".
Then I add the "Managers" group and check "Apply group policy" for it.
Now I right click the "Manager Policy" and select Edit.
I navigate to "User Rights Assignment" under "Computer Configuration" and define "Access this computer from the network" with "Everyone" & "Allow log on through Remote Desktop Services" with "HORIZONS\Managers".
Once I have added the Policies, I open the command prompt and type "gpupdate /force".
Then I check to see if its applied using "gpresult /r /scope computer" which displays that the GPO has not been applied.
& to double check I try logging into the account in which I receive "The connection was denied because the user account is not authorized for remote login.".
What am I doing wrong or missing? I've spent too long trying to do something that should be so straightforward...