When logged into the Terminal Server as administrator I am unable to remote control 2 user accounts.
RSOP on the TS shows "Set rules for remote control of RDS user sessions" as Enabled "Full Control without user's permission"
Session Host Configuration RDP properties, Remote Control tab is greyed out and lists the settings above.
When right clicking on the user in services manager and selecting "Remote Control" I am prompted to select the hot key and then after 1-2 seconds receive "Access Denied".
The users I am trying to remote control were removed from domain users and have very limited permissions. Their sessions are locked down to exclude the control panel, cmd, shared folders, folder options and a few others. However I put a test user in the same OU and in the same groups and I can remote control the session. It is just those 2 users.
I just discovered It appears to be something to do with the RDP client. If I use the user's credentials to log in from my machine it works. I am told they are using windows 7 but will have to verify as that does not make sense. Any ideas?