Can anyone tell me how to prevent certain users in a group from logging on but NOT apply that policy to the admins or domain admins? I thought if you for example open the default domain policy->click "deny logon locally," and add a group like "restricted users" and put all the users desired in that group then the policy will only apply to those users. It seems I like I applied this rule to myself as an admian as well!! I had to restore to a tape from 2 days ago. EEk!