Don't Back Down

Posted by Chad Everett on March 21, 2005

Terminal Services to Domain Controller

Every once in a while - usually at smaller companies that have only a single server - you may need to grant a particular user or group permission to log on to the domain controller. Naturally, this is a bit of a security risk. But let's face it - not everyone can afford a new server just to overcome this sort of issue.

In that case, you'll want to follow the steps outlined in this tip. In a nutshell, load Domain Controller Security Policy, then navigate to Security Settings -> Local Policies -> User Rights Assignment -> Log on Locally. Change this setting to include the user or group you'd like to add.

Here's a hint: Add a group instead of a user. Just make sure the users who need to log on locally are members of that group. That way, if someone leaves, you can simply remove them from the group - no need to worry about updating the policy again.
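To check who actually holds the right after the change, the PowerShell below (an added example, not part of the original post) parses the `SeInteractiveLogonRight` line of a `secedit` user-rights export and resolves each SID to an account name. The function name `Get-LogonLocallyHolder` is hypothetical and the sample SIDs are constructed.

```powershell
# Added example, not from the original post. Lists the holders of
# "Log on locally" (SeInteractiveLogonRight) from a secedit export.
function Get-LogonLocallyHolder {   # hypothetical helper name
    param([string[]]$InfLines)      # lines of a secedit USER_RIGHTS export

    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }      # right is not defined in this export

    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $sid = $null; $name = $null
        if ($entry.StartsWith('*')) {
            # "*S-1-..." entries are SIDs; try to resolve each to a name.
            $sid = $entry.Substring(1)
            try {
                $sidObj = [System.Security.Principal.SecurityIdentifier]$sid
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = $null       # SID no longer maps to an account: stale entry
            }
        } else {
            $name = $entry          # entry was stored by name
        }
        [pscustomobject]@{
            Account = $name
            Sid     = $sid
            Stale   = [bool]($sid -and -not $name)
        }
    }
}

# Constructed sample: BUILTIN\Administrators plus a made-up domain SID.
$sample = @(
    '[Privilege Rights]',
    'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105'
)
Get-LogonLocallyHolder -InfLines $sample | Format-Table -AutoSize

# On the domain controller itself (elevated prompt), use a real export:
#   $cfg = Join-Path $env:TEMP 'user-rights.inf'
#   secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
#   Get-LogonLocallyHolder -InfLines (Get-Content $cfg) | Format-Table -AutoSize
#   Remove-Item $cfg
```

Any individual user account or stale SID in the output is a candidate for cleanup, in line with the hint about assigning the right to a group.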
