I have an SBS 2003 R2 domain setup with a remote DC at another office running Server 2003 Standard (not R2). While I was setting up the system I had installed Terminal Services on the machine in a fit of madness, thinking I needed it to enable the remote management capabilities through RDP. I did this before I had promoted the server to a DC. I had confirmed that I could get to the box with RDP and then continued to setup the rest of the box and then promoted it to a DC. At that time it said it was modifying the permissions of the Terminal services to only allow remote administration, which I said Yes to. Apparently I never tried to get back onto the box with RDP after that point. I have since installed the box in the remote network, setup everything locally and come back to the home office again. Now when I attempt to access the remote server with RWW or RDP direct, I get a dialog box after attempting to login that says: "To log onto this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop User's group, or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually". I have checked the Domain Users and Computers plug-in and cannot find that group listed, although when I tried adding administrator to it, It found the group when I did the Check Names step as a BUILTIN. This still didn't allow me access to that remote server and still gives the above error. I went into the Group Policy Management plug-in and found the rights for Allow log on through Terminal Services under Default Domain Policy/Computer Configuration/Security Settings/Local Policies/User Rights and it is set to undefined, but also says that by default Administrators and Remote Desktop Users should have this right enabled on Workstations and Servers and Administrators for Domain Controllers. Because I actually installed Terminal Services on that server and then promoted it to a DC, do I now need to explicitly define those rights in the GPMC to get it to let me remote in, or is there some other step that I am missing?
This is not urgent yet as nothing is broken, but it will be as soon as somebody want to make a change on the remote system, so 500 points to whom ever can get me back on this box!