OK, first I will admit that I have not done anything with Windows SBS 2k8 r2 so I am kinda going on what I remember from SBS 2k3 r2, as well as what I'm currently running which is Windows Server 2k8 r2 (Standard). So if the latest version of SBS is the same as the older version than it does not support standard terminal server connections and licensing like a regular version of 2k8, but you are still allowed your standard two (2) remote desktop (Administrators) sessions so as long as you can work within that restriction you should be ok.
Configuring the Local Security Policy, as well as the Domain Policy and the Domain Controller Policy is relatively simple, it's just a matter of knowing how to get into each and what to look for. Generally speaking if a specific policy says not configured then leave it alone and it should not cause a problem. Unless you find that you are still having problems after configuring the remaining policies correctly, then you may need to go back in and define them explicitly. Just be careful and don't do anything unless you are sure it's necessary.
First let's start with the local security policy by typing
gpedit.msc
into the search or run dialog box on the SBS server and hit enter.
If the account you will be using is a member of the Domain Administrators Group (Which is by default a member of the Local Administators Group) you should be OK, by default, just double check and make sure.
You're concerned with two groups of settings four in all
Allow log on locally .... make sure that "Administrators" is present.
Allow log on through Remote Desktop Services .... make sure that "Administrators" is present
Deny log on locally ..... should be blank (this is one that you don't want to mess with as it impacts who can actuall set down at the computer and log on as well as Remote Desktop Users, since it's actually the same thing, even though you are logging on remotely, you are actually logging onto the local desktop) so be careful if you add anyone (user or group here)
Deny log on through Remote Desktop Services .... basically the same applies although not quite as disasterously critical.
I recommend creating a special user for remote sessions and make sure that that user is only a member of the "Domain Administrators" group and no others. This will generally support the default settings and should result in the easiest configuration with little to no changes in any of the policy consoles. To edit any of these individual settings just double click and you can edit the users or groups included or excluded. See attachment