Windows SBS 2003 server, Windows 2008 Terminal Server. TS is NOT a domain controller, for security reasons, but is part of the domain.
Several remote locations log in to TS to run local database apps.
New requirement is to allow "guest" users onto the TS to run these database apps, also in "guest" mode.
Original idea was to create a local, not domain, user on the TS box. That way there's less access to other apps and files on the network. But I get the "allow log on through Terminal Server right" error.
Since this isn't a domain controller or domain user account, I can't figure out where to change the policy without removing all the security. (Not every domain user has TS privileges).