[/quote=docclayton]Users are not part of the administrators group on the domain or part of the domain admin group on the domain[/quote]Isn't that the same thing?
This is why support should answer questions about the program and not about domains and SQL. When a user logs into a computer on a domain, he is authenticating against the server. Once the server recognizes the username and password from Active Directory, that computer is on the domain and can access everything on the server if it has the proper share and permission.
There is no reason at all to run the user as a local admin. There advantages to both but there is no advantage when it comes to permissions to the server.
While not allowing a user to be a local admin does make your computer more secure not only from installing and downloading but from Trojans and hackers not being able to do as much on the computer. But, you do sacrifice two important things. One is if you have your computers set up to lock when the screensaver comes on rather than the computer logging off, the user will not be able to get into his or her own computer. Also, I found when I had everyone a non admin, every time I needed to fix something, it was rather difficult. Sure, I could do "Run as" but even that was a pain. There are 3rd party programs for stopping the download of apps.
Also, if you really want to tighten things up, then don't make "domain users" in your local admin group. Just put in the individual user that needs to use that machine.
Are you taking the domain users out of the local admin group directly from the computer or on the server?
