do they do installs? RDP is needed for that.

Is remote DAC enabled so DBAs could get on if SQL is unresponsive?

whilst all SQL based work can be done via SSMS having RDP access makes it easier for DBAs to do the full range of their tasks especially when troubleshooting so why do you want to make it harder for them? A dBA can do a lot of damage (including branching out to the OS) via the high level of access they will have in Sql server, so what are you trying to protect against?

If a server supports SQL DBAs should be trusted as much as the sysadmins on that server.