If your TS is also a Domain Controller (not recommended!), then you must do the following:
1. add the users to the built-in domain local Remote Desktop Users group in AD
2. enable the following setting in the Default Domain Controller Policy:
Computer Configuration - Windows Settings - Security Settings - Local Policies - User rights Assignment "Allow log on through Terminal Services" and add the Remote Desktop Users group to the list of allowed users
3. add the Remote Desktop Users group to the permission list of the rdp-tcp connection
Last Wiki Answer Submitted: November 28, 2009 5:07 pm by AndreaF6,130 pts.