Our users operate in a Terminal Server environment and use SAP finance applications. Following a recent server migration of SAP, there are certain users who cannot run it. The onsite SAP administrator found out the only way they could run it was if he put them in the Domain Admins group. However Domain Admins gives them access to shutdown the Terminal Server, so the administrator needs us to remove this option for them. My question is how do we do this? I am unsure if applying a GPO containing the "Remove access to the Shut Down command" to the Domain Admins group will overrule their inherent admin rights? Is this so, and if not, what is the best process to follow to remove their access to the shutdown option?