A Win2K server with Terminal Services is part of an NT4 domain (not acting as DC or anything so no AD is active)
There are 2 users of this domain that will log on the NT domain through the 2K server's Terminal Services. I want to limit these users activities and prohibit display of Control Panel and set some other settings described on the Administrative Template on the Local Security Policy Snap-in.
The problem is that every change on the Administrative Template affects EVERY user/group on the 2K machine including the Local/Domain Administrator.
Is there any workaround, so that the local Administrator overrides the Administrative Template settings ?