We have a rather unique environment for our industrial computing systems in which there must be a common local administrator account on all of our computers. When people use terminal services we would like to log their access, this is not possible if people log in as this local administrator. How can I restrict access to only allow active directory accounts that are in the administrator group? In other words, an account may be created locally in the administrators group, but it will not be allowed to use terminal services, and a domain account in the administrators group will be able to. Thanks!