Restricting adding of local Users/Groups to Domain Admins
Posted on 2006-07-22
Due to some uniqueness of my environment, I need to give domain users local Administrative access to some machines. However one of the no-nos is for these local Adminstrators is to create local accounts, but often then do anyway. How can I restict the creating of local accounts to Domain Admins only?
Environment: W2K3 Standard Servers, Windows XP-Pro clients