I have 3 accounts in our Active Directory (W2K) domain.

Acct1 is a domain admin.
Acct2 is a local admin on all machines in our OU, and has rights to modify AD on our OU.
Acct3 has no special admin rights or privileges.
Acct2 no longer can administer machines. A GPO forbids non-admins access to such things as control panel, registry editing, etc. A group to which Acct2 belongs is denied the right to apply this particular GPO. gpresult /z confirms that this object is not applied. Acct1 confirms that Acct2 is still a member of the local administrators group on both machines that I've experienced this on so far.

Just getting troubleshooting underway on this, but it's preventing me from doing all of the other stuff I'm supposed to be using that account for. I can use the DomAdmin acct for now. Acct2 has a roaming profile.

Any ideas much appreciated.

--Bill
