We are looking to implement a group policy that will allow the system administrators to log in on workstations using Domain User credentials. Currently we get the error "The local policy of this system does not permit you to logon interactively" when trying to log in.
We found that the users need to be part of the Local Admin group of the machine to be able to connect which is as a security measure, we would not like them to have.
What I would like to know is if it is possible to make system wide changes to allow logging on remotely to using users credentials without upgrading their security rights? Is there a group policy option that will allow this?