My post at Tip - Action Override User settings may be helpful, but those options look correct to me (looks like the last example I have on that page).
Error 1385 in particular maps to “The user has not been granted the requested logon type at this computer”, which means the password is correct but the account is not allowed to log on. I’m actually not sure whether we are triggering an Interactive or Batch type logon with our overrides.
Best-practices are that a Domain Admin should not be granted logons to workstations. You might need to check with your AD team to see what account you should use for admin access on workstations, or you may need to set up a new AD account with local Admin rights to the machine.