I have an SMS2011 domain with a Win2008R2 setup as a RODC. All worked well until I needed to give an App vendor support person access. I tried to set it up using local security policy and then set up a GPO for the RODC. I don't think I made changes to the Local Security Policy and I have deleted the GPO from the GPO manager. I deleted the GPO from the main controller and have run GPupdate on the RODC and the GPO has gone.
Problem is that I can login to the RODC locally but when I try remotely or from the LAN it says to logon you need to be granted the Allow log on through Terminal Services right. It goes on about having to be added to the Administrator Group etc.
However, I am a Domain Admin so I am wondering what I changed to cause this. I do now remember not changing the local policy because the template I was looking for was not there and recall thinking it was a bad idea to change anything there.
I don't want to tinker about as I don't want to create a bigger ball ache..!
Can anyone list the GPO templates to check and any known issues with SBs?