I have a AD network upgraded from previous versions of AD. We are starting to use Windows 7 laptops and want to use AD for local log-in rights and access. The machines are all joined to the domain.
Most users cannot log-in to Windows 7 machines at all due to not having local log-in rights. The only way to get things to work for now is to either add the user to the Domain Admin group (and we all know why I won't do that) or to add them to the Terminal Users group.
Additionally there are some users, logging onto Windows 7 desktop PCs, that though they can log on to the machine as Terminal User, when they log out the user profile is deleted completely from the local machine and has to be reconfigured again the nest time they log back in. This issue is described in part in Microsoft's new policy regarding guest accounts, however these are not guest accounts, however none of these accounts are members of Guest.
Any AD admins out there that can shed any light onto these issues?