Please see the following article:
In my opinion the suggested solution will only work if the Terminal Server is also a domain controller.
My TS is not a domain controller and I have not been able to get the above to work.
It would seem that I would have to use the "Local Computer/TERMINAL SERVER USERS" group to set the policy and not the "Domain/Local Computer/TERMINAL SERVER USERS", however, I don't see any way that can be done.
Currently, I have to create separte accounts for TS users that use TS from their desktop computer, otherwise the stringent policies I apply to the TS aslo apply to their desktop.