We have a pretty simple setup. A Dell server running Windows Server 2003 Standard Edition w/ SP2 and 3 Dell workstations all running Windows XP Pro SP3.
We recently had problems with malware attacks, so I went ahead and removed Administrator rights from the workstations.
However, one of the workstations still seems to be have administrator rights. If I go to this workstation and click on Users in the Control Panel, it shows this account as being a restricted "User" account, not Admin. Yet, I can still install programs and do pretty much anything I want under this account, so clearly the privileges are still at the Admin level for this account.
How can I properly restrict this workstation? Does this need to be done on the Server, the workstation, or both?