but that's the problem with making users Local Admin.
SyedJan
NTFS permission is the best option for this scenario.
Ryan McCauley
As a different angle, can you explicitly grant the users the permissions for which they currently need local admin rights? You say they need it "for other reasons", but what other reasons are those? It may be cleaner to make the users regular domain users, and then explicitly give them the rights they need so you don't have to grant them local admin, which has any number of other implications.
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
Jan MA CCNA