Without having more detail, I would say that you could use a combination of user permissions and user-level group policy. It's hard to say more than that without knowing exactly what it is that you want to restrict them from doing. As a rule, you should look to grant permissions/policies that give them the bare minimum they need to perform their job functions.
Devin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 30, 2007 2:19 AM To: [email protected] Subject: Active Directory What is the easiest way to lock an lower level administrator from using the PC via Active Directory? When disabling a computer what else can be done with out having to block the IP address or MAC to make sure the PC does not get on the network and or changed the computer name?
