I have been hired by a new employer. Their old IT person did wierd things with permissions. One in particular is that all users that RDP to the TS server 2003 seem to have Admin priveleges to the server. In AD they are only members of the Domain User group. The domain user group does not seem to be a member of any admin groups. If I create a brand new user from scratch, it also seems to have domain admin priveleges. How can I restrict these accounts? Is there possibly a GPO in place? The server is also a Metaframe server, but we are moving away from it. Could that be giving the users elevated priveleges?