I am trying to find the best way to lock my users down from being able to access other workstations via the admin share C$. Currently our network is setup where all workstations had the <domainname>\Domain Users group in each of the local workstations administrators group. This was setup this way because we need every user to be able to install software / remove software / start & stop services update clock etc etc... However we don't want these users accessing other workstations via the remote share C$
I believe i could set each user up in their local admin group and that would stop them from accessing other machines BUT if that user tried to log onto another machine it would not allow them the same rights as they have on their own workstations.