As a domain admin I don't have a problem "TS'ing" to the Windows 2003 boxes but those of lower permissions cannot. I want to say that it has to do with the Group Policy difference between Windows 2000 and 2003 but I can't say for sure.
Any suggestions on what to try or look at?
Remote Administration connections are by default restricted to domain administrator accounts. To let Joe User (JoeU) log on, you'll need to follow these steps:
1. Add JoeU to the Remote Desktop Users group by opening his user account and moving to the Member Of.
2. Grant JoeU (or the Remote Desktop Users group) the right to log onto the server in question. This policy is located in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow Log On Through Terminal Services.
Notice that this will not work unless you complete both steps. By default, the RDU group does not have permission to log onto a domain controller. You do not have to configure the "Allow users to connect remotely using Terminal Services" group policy to allow JoeU to log on.
This was first published in September 2005