Remote Desktop Problem on Windows Server 2008 R2

Tags: rdp, remote desktop, windows-server-2008-r2

Revised this question to be more concise, consolidating several revisions.

Symptoms:

From a domain-member Windows 7 Client:

  • Domain credentials to a domain controller => success
  • Domain credentials to a member server (by hostname or FQDN) => success
  • Domain credentials to a member server (by IP) => fail
  • Local credentials to a member server (by either) => success

From a non-domain-member Windows 7 Client:

  • Domain credentials to a domain controller => success
  • Domain credentials to a member server => fail
  • Local credentials to a member server => success
  • (Identical behavior from a Mac RDC 2.1 client)

Server Configuration Details:

  • Windows 2008 R2 Datacenter w/ SP1
  • The domain in question is a subdomain of a Windows 2008 domain (forest root).
  • Root has DCs in both Site A and Site B, subdomain only has DCs in Site B.
  • RDP is operating normally on all root member-servers and DCs.
  • No remote desktop settings are defined by GPOs.
  • Network level authentication is enabled; all clients are compatible and the certificate exchange/SSL handshake completes successfully.
  • Not catching any errors in netlogon log.

Best Answer

  1. If you are seeing SIDs in local groups then your DNS or AD access is messed up from that server to either sub or parent domain IMO. RDP access could be a red herring and the real issue is proper connectivity to AD. Do you have event log events talking about unable to resolve account, etc.? In a healthy server you should never see SIDs IMO (unless accounts are deleted).
  2. It's possible a GPO is affecting the member servers' security policy "allow log on through Remote Desktop Services" or the often forgotten "deny log on through Remote Desktop Services" inside the computer GPO config. You might be left out of the first or added to the second for the member servers' GPO, then that could be overwritten at the DC container level by the "default domain controllers policy". Run a Group Policy Results on a member server as you and see what shows up for:

computer config > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignments > two settings in quotes above
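
One way to check both points of the answer from the command line, as an added example that is not part of the original answer: it lists who holds the two Remote Desktop logon rights on the member server and flags any entry whose SID will not resolve to an account name. It assumes an elevated PowerShell session on the affected server; the file paths under `$env:TEMP` are arbitrary choices.

```powershell
# Added example: run elevated on the member server that refuses the logon.
$cfg    = Join-Path $env:TEMP 'user-rights.inf'   # scratch file (assumed path)
$report = Join-Path $env:TEMP 'gpresult.html'     # GPO report (assumed path)

# Export the user-rights section of the server's security policy.
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null

# Privilege constants behind the two settings named in the answer.
$rights = @{
    'SeRemoteInteractiveLogonRight'     = 'Allow log on through Remote Desktop Services'
    'SeDenyRemoteInteractiveLogonRight' = 'Deny log on through Remote Desktop Services'
}

$results = foreach ($line in Get-Content $cfg) {
    # Lines look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
    if ($line -match '^\s*(\w+)\s*=\s*(.*)$') {
        $name = $matches[1]; $value = $matches[2]
        if (-not $rights.ContainsKey($name)) { continue }
        foreach ($entry in ($value -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $account = $entry; $resolved = $true
            if ($entry.StartsWith('*')) {
                # secedit writes principals as *SID; try to translate to a name.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $resolved = $false }   # bare SID: the symptom from point 1
            }
            New-Object PSObject -Property @{
                Setting = $rights[$name]; Entry = $entry
                Account = $account;       Resolved = $resolved
            }
        }
    }
}
Remove-Item $cfg

# A right that is not defined at all does not appear in the export.
$results | Format-Table Setting, Entry, Account, Resolved -AutoSize

# Group Policy Results for the computer scope, to see which GPO set each right.
gpresult /scope computer /h $report /f
```

Rows with `Resolved` set to `False` point at the name-resolution problem from point 1; a user or group listed under the "Deny" setting, or missing from the "Allow" setting, points at point 2.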