Common issue with configuration of AD is not applying policies correctly or not knowing how to do this. This can be done on server or client with operating system windows.
I had to forever search online or in my manuals to do this and decided to share the solution For both.
We can do the configuration in "Local Security Policy".
The Local Security Policy will pop up.
This is where we can set the configuration
Now in right part of the window
Double Click on "Allow log on Locally" which will open another window
Click on Add user or group button (mine is disabled)
Select user you want to enable in search prompted and user will be able to login.
Now Windows 2012 Server does not work for previous solution as the button to add user is disabled. This is due to domain configuration.
In our case we have to set this policy for domain, or add user to administrator group.
As for the fact that we could specify user on domain level for each server we want to assign rights, but this will become after couple users quite unmanageable environment. So I do recommend to create groups for specific tasks you need or use tool to do this.
This way you can manage your environment without loosing control