Which rights are required for TS to work on a DC that is running Server 2003?

Hi,

I've read conflicting information as to whether or not the "Allow Log
on Locally" user right is
required in order to use TS on a Domain Controller running Server 2003.

This posts suggest that it is required:
http://groups-beta.google.com/group/microsoft.public.windows.terminal_services/browse_thread/thread/79eaebf91a0b8aed/aa6e209d8231d81f?lnk=gst&q=is+log+on+locally+required%2C+domain+controller&rnum=3#aa6e209d8231d81f

This KB article also says its required (at least for Win2k):
http://support.microsoft.com/kb/247989

However, a snippet from this article suggests that if "Allow Log on
through Terminal Services" is set, that it will suffice, even for a DC:

"Allow log on locally
This policy setting specifies which users can start interactive
sessions on the domain controller. Users who do not have this right are
still able to start a remote interactive session on the domain
controller if they have been assigned the Allow logon through Terminal
Services user right."

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/s3sgch05.mspx

Can someone please clarify, which of the two rights are required for TS
to work on a DC?

Thanks,
Rob

.

Follow-Ups:
- Re: Which rights are required for TS to work on a DC that is running Server 2003?
  - From: Vera Noest [MVP]
- Re: Which rights are required for TS to work on a DC that is running Server 2003?
  - From: Ivan Brugiolo [MSFT]
- Re: Which rights are required for TS to work on a DC that is running Server 2003?
  - From: Sergey Kuzin [MSFT]