I have been asked to lock down computers that we hand out to employees. We currently rename them and then add them to our Domain. Then we add their domain account as an Administrator account of that local machine. By doing this we give them full control to do anything on that machine.
Part of our lockdown process I have so far removed the Administrator account which has helped a lot to lock the machine down but was wondering if there is anything else that I can do without enforcing Group Policy from our Domain.
Also, at this time we don't want to have to purchase software to lock the machines down.
Also, all of machines are Windows 7 Pro x64.
Thanks in advance!!!