Let me be the first to tell you not to. Bert has already given reasons why. Furthermore:

* If users are local admins, they can override any NTFS permissions you have given to limit their access to files/folders on that computer.

* If users are local admins, they can override any Group Policy settings you have given them.

Rule of Thumb: You can NOT deny an administrator. The ONLY account that has any power over users with administrative rights is the built-in account known as Administrator. And the only power it has over users with administrative rights is the power to revoke their administrative status.

To be honest, on a network that is set up properly, you should rarely have to log on as administrator, anyway.

JamesNT


James Summerlin
My personal site: http://www.dataintegrationsolutions.net
james@dataintegrationsolutions.net