As for why you can't log into the remote admin server, my first guess is that you're not a member of the Administrators group. (Tip for anyone reading this and planning to send in a question: Specifying the error message helps troubleshooting.) If this is the case, you need to edit the permissions both for yourself and for the protocol. Allowing Joe User to log on to a terminal server that's also a domain controller is a two-step process. First, use the Domain Controller Security Policy tool on the domain controller in question to change the security policy for the DC to permit users (or authenticated users) to log on locally, then refresh the security policy. (Open the Security Settings folder, double-click Local Policies and then click User Rights Assignment. Click the Log On Locally right, and then click Add. Browse for the appropriate group, click Add, then OK your way out of the dialog box and refresh the security policy with secedit /refreshpolicy machine_policy /enforce.)
Next, go to Terminal Services configuration and edit the properties for Remote Desktop Protocol (RDP). Turn to the Permissions tab and add Authenticated Users to the list of groups allowed to use RDP. That should allow Joe User to log on.
This was first published in July 2003
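To confirm who ends up holding the Log On Locally right after the change above, the following added example (not part of the original answer) parses a user-rights export and flags groups that cover every account. It assumes the export was produced with secedit /export /cfg rights.inf /areas USER_RIGHTS; the file name, the sample contents and the function names are constructed for illustration, and a real export is typically UTF-16 and should be read with that encoding.

```python
# Added example: audit the "Log On Locally" right in a secedit export.
BROAD = {  # well-known SIDs that effectively mean "every user"
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Users",
}
RIGHT = "SeInteractiveLogonRight"  # internal name of "Log On Locally"

# Constructed sample of a USER_RIGHTS export (not taken from a real server).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-11,CORP\\joeuser
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; account names appear bare.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def audit_logon_locally(inf_text):
    """Return (holders, broad): all holders, and those covering every user."""
    holders = parse_privilege_rights(inf_text).get(RIGHT, [])
    broad = [f"{BROAD[h]} ({h})" for h in holders if h in BROAD]
    return holders, broad

if __name__ == "__main__":
    holders, broad = audit_logon_locally(SAMPLE_INF)
    print("Log On Locally holders:", ", ".join(holders))
    print("Broad grants:", ", ".join(broad) or "none")
```

A broad entry in the output means any account in that group can start an interactive session on the domain controller, so a narrower group containing only the users who need terminal access is the tighter grant.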