Hope you are all well and can assist.
We currently have a scenario in our environment where ALL Windows XP users are members of the local administrators group by way of adding the INTERACTIVE group to the local administrators group.
The reason we did this was for various reasons including allowing tasks and processes to run under the context of the currently logged on user.
However, what we have discovered, is that these same users can remote desktop to ALL machines in our environment since they are part of this interactive group in the local admins.
We are moving to Windows 7.
We wish to stop users being able to remote desktop to other peoples' systems, but at the same time, allow them administrator access on their own machine.
Any help on this would be greatly appreciated.