We recently went through a security audit and delegated permissions to new accounts and moved away from daily use of our domain administrator account. We ran into an issue when logging onto some of our servers with our new accounts.
The issue was caused by missing security settings on the default profile. For some reason, only the machine/administrators account was included. The issue persisted even if we directly added our new account to the local administrators group.
The solution was to correct the permissions on the default folder. The options shown below may not be the best practice but were taken from other working servers.