I have created a user in Windows 2008 server and made the user a member of the Remote Desktop Users group. I've checked the RDP-Tcp Properties (security tab) and I see Remote Desktop Users has "user access" and "guest access" allowed, but not "full control". Under "system properties"/Remote tab, I have selected "Allow connection only from computers running Remote Desktop with NLA". Under "Select users..." I've added this new account I created.
When I login via remote desktop connection, I see the login screen, but it has the message "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By Default, members of the Remote Desktop Users group..."
please help! what am I doing wrong?
note that i prematurely accepted this answer. this isn't an NLA issue: