I have tried this two ways now. One where the destination domain is a child domain of the forest and one where it is a separate forest trusting the main domain.
As it stands:
1. Domain A is trusted by Domain B.
2. A\shawn is a member of B\Remote Desktop users & B\Domain Admins
3. ServC is a member of Domain B & has RemoteDesktop enabled
4. GP for Domain B is applied to all resources in the domain B and Enforced which specifies that A\shawn B\Domain Admins B\Remote Desktop Users are allowed login through terminal services
5. B\Administrator can login remotely to B\ServC
6. ServC is able to authenticate A\Shawn verified by logining as B\Administrator and doing a runas
7. GPResult /v shows the policy is applied to ServC and A\Shawn is permitted remote login.
What can’t A\Shawn log in to ServC? I get the standard “To log on to this remote computer, you must have Terminal Server User Access permissions on this computer….”
Please advise.