Our company has two AD accounts for IT staff. A regular user log in and an administrator account we use for credentials for elevation prompts. I wanted to apply a "Lock Down" Group policy in Meraki to our admin accounts in the case one gets compromised and someone logs in with it. And that "Lock Down" GP will block all internet connectivity. But we obviously need these to log onto servers which need to be online. So if I would add a GP to the servers on a device level that copies our current firewall and traffic shaping rules, and apply the "locked down" GP to our admin accounts, which one would take priority and be followed? Would the user GP block internet connectivity or would the devices GP override what policies the user has and allow it? I can try building a test network but was hoping someone might have some more insight or maybe a backup plan if this wouldn't work.