Restricting Domain Admin Accounts
Posted on 2014-04-03
We have IT and dev folks who currently are local administrators of their own systems. We are looking to lock this down with standard user accounts as their main account and have a secondary admin account to use for administrative work.
With that said, we would like for people to use this secondary admin account to do "run as" etc, but want to make sure to prevent users from trying to log onto machines locally with this admin account to use as their main account.
Can this be done?