Here is the deal... All of our computers have 'administrator' as the local admin account. We also have a domain account 'administrator' that is under domain admins group. We have the same password set for both, so its universal. We need to clamp down on security and tracking, so here is what we need to do.
I would like to rename the local admin account, for sample purposes lets call it 'god'. I have already done this on some computers without any trouble. This account is for local login and for doing local machine work. I would like to have this account with domain privilidges so it can mount drives/printers, so I made an account 'god' on the domain. But...now since I have the god account on the domain, I can log in anywhere domain\god. I do not want this, I just want the permissions to access drives/printers/resources...but it cannot log in.
local\god - local computer login, **access to network resources**
domain\god - 8*CANNOT login**, ...but I may need this account for network resources, idk.
How can I do this?