Ok, here's one for you. I am responsible for 26 window servers at the company(university) I work for and will be getting 10 more servers within the week. Our group just took over these servers a couple of months ago so however they were handled before we really don't know. We have been having alot of headaches dealing with another group within our company who run PeopleSoft software on these servers. Here's the situation, we are wanting to implement Group Policy on all the servers and users since they are all in a domain. The problem is the PeopleSoft group strongly believe they need Administrative Rights in order to run their processes. They claim to need access to the registry, services, the ability to reboot, etc. They are strongly opposing any kind of restrictions on these servers. This is a total nightmare to us as you will probably agree. We've already had one instance where we noticed someone(hacker) had gained access to one of the servers so we had to cleanly install everything back in with new passwords. So now we have been asked by upper management to prove or come up with documents stating why we need to restrict users and on what conditions to do this. I have been researching and found several articles about best practices for security, etc. and am writing this to hopefully get ALOT of help in finding other resources in order to basically show upper management that restrictions on these servers is a must. All help will be greatly appreciated.