Initiating a remote desktop console session as NonAdmin
On of the problems I've encountered running with an LUA account is the inability to initiate a remote desktop console session. It's possible to connect to a console session that is already started though if it is with the same account.
For those of you who don't know what a "Console" session is, the best way I can describe is that it is the session that is associated with the Physical console. You can have several Remote Desktop sessions in progress but only one console session. However these background RD sessions are only available on the server versions of Windows. With XP there is only one RD session and it is the console session.
My frustration finally led to action a couple of weeks or so ago. I poked around on some mailing lists and MSDN and found the problem. You can fix this permission issue by updating the permissions for the desired account on the Win32_TSPermissionSetting WMI class. Use the AddAccount() to give the account the desired level of access.
This can easily be done through the command line.
%SystemRoot%\System32\Wbem\wmic rdpermissions where terminalname="console" call addaccount "domain\yourLUA",2;
Warning: The option 2 will give the account complete access to the "console" session on your box.
Note: I have only tested this on W2K3
Link to MSDN