local admins group policy

i am using 2003 server to make domain users local admins on all computers. i am using the group policy managent with the restricted groups in security settings restricted groups. my problem is that when i select "domain computers" to apply to. it puts domains users  in my administrators group in active directory. making it an issue b/c then everyone can c everything administrators can. i have thought about making another group and putting all computers in that. or an ou and moving computer from the computers folder to the ou however i thought that might cause some problems. just thought i would ask the best way to accomplish this. the domain controller is not in the domain computers group however so i am not sure how it is applying. thanks in advance.
sbalk23Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shift-3Commented:
First of all, don't add Domain Users to the local Administrators group.

If you have badly-written software that won't run under an ordinary user account, use Process Monitor to determine what files and registry keys it is trying to access.  Grant users permission to access those specific files and keys.

If that doesn't work and you absolutely must make users administrators on workstations, then add the local INTERACTIVE account to the local Administrators group.  This will give administrative privileges to the user who is interactively logged onto a workstation, but will not give them those rights to other machines over the network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ThinkPaperIT ConsultantCommented:
any specific reason why you need to make users local admins on the workstations?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.