I would like to know whats the options possilbe in preventing AD Group Policy getting applied to a computer or user.
The reason is we have few users who is having local admin rights on the machine and they are removing Domain Administrators from Local admin group. I am running a login script as part of GPO to add the Domain Admin back to the local admin group everytime they login and i know that its failing. For Group Policy everything else is fine, like networking OU's etc.
So i want to know what are the options they have to prevent GP script getting applied and work that way. Our setup is Win 2003 AD with XP SP3 and SP2 machines.