i am using 2003 server to make domain users local admins on all computers. i am using the group policy managent with the restricted groups in security settings restricted groups. my problem is that when i select "domain computers" to apply to. it puts domains users in my administrators group in active directory. making it an issue b/c then everyone can c everything administrators can. i have thought about making another group and putting all computers in that. or an ou and moving computer from the computers folder to the ou however i thought that might cause some problems. just thought i would ask the best way to accomplish this. the domain controller is not in the domain computers group however so i am not sure how it is applying. thanks in advance.