All of our domain users have local admin rights to their desktops. Removing them one by one can take a long time I am looking for a better solution that can be done at log on time or some sort of powershell script that I can run against a list of computers.
Secondly the account "administrator" has no password assigned to it. Though disabled it can possibly be enabled via safe mode so we are looking to re-anble the account set a password to this account as well similar to question 1 without having to do them one by one. These measure should have been taking into consideration at the time the systems were built but unfortunately they were not -- have to clean up the mess that was made by previous tech.