So, I guess what you're saying is the user knows the local administrator
password or has another account, eh? Delete the user's local account and
change the administator password to something he doesn't know.
You could use GPO's on OU that holds computer accounts and create a Security
policy defining Log on Locally right which should include only domain
accounts.
--
Regards
Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed) http://ladava.com
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.