My account and my admins can remote into any machine on the network, but standard users get an "user not authorized" error. The only solution I've found is to manually add the users to the Approved Remote Users on the local machine. How can I do this server side?
I have everyone added to the Remote Desktop Users and the Remote Desktop Users enabled in the GPO Local Policy -> User Rights Assignment -> Allow terminal services (remote desktop) users. I figured this would be enough but the only way I have been able to make it work thus far, is to add these groups manually to the users machines.
When I go to remote in, I get a "the connection was denied because the user account is not authorized for remote login"
The domain Remote Desktop Users group is for granting access to your Domain Controllers, not your RDS servers. You need to add your domain users and/or groups to the local Remote Desktop Users group on each of your RDS servers.
This article was written for Windows Server 2003 but is applicable as it relates to the usage and purpose of the domain Remote Desktop Users group:
https://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx
As you said, you need to add the to the local Remote Desktop Users group. If you want to set it up "server side", the solution is to create an AD group, add the needed accounts to that group, then create a GPO setting "Restricted groups":
http://social.technet.microsoft.com/wiki/contents/articles/20402.active-directory-group-policy-restricted-groups.aspx