I like this idea (which includes some from other ideas):

1. Create a global account.
2. Add the global account to the local administrators group (on the ghost image, perhaps?)
3. Add to logon scripts to remove local admin rights from all network accounts but Domain Admins after a set period of time after the install date (assuming you use sysprep prior to your image) (1 to 7 days?)

Brian
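
The check described in step 3, sketched in PowerShell as an added example (not code from the post or from any product). The `-GraceDays` and `-Enforce` parameters are hypothetical names chosen here. It assumes PowerShell 5.1 with the LocalAccounts module, that sysprep resets the recorded install date, and that the script runs in a context allowed to edit local groups, such as a computer startup script.

```powershell
# Added example, not from the original post.
param(
    [int]$GraceDays = 7,      # assumption: the post suggests 1 to 7 days
    [switch]$Enforce          # hypothetical switch: without it, report only
)

$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Install date as recorded by Windows (assumed to be reset by sysprep).
$installed = (Get-CimInstance -ClassName Win32_OperatingSystem).InstallDate
$ageDays   = ((Get-Date) - $installed).TotalDays

if ($ageDays -lt $GraceDays) {
    Write-Output ("Grace period active: day {0:N1} of {1}" -f $ageDays, $GraceDays)
    return
}

# Only domain ("network") principals are candidates; local accounts stay.
$members = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' }

foreach ($m in $members) {
    # Domain Admins always carries RID 512: S-1-5-21-<domain id>-512
    if ($m.SID.Value -match '^S-1-5-21-\d+-\d+-\d+-512$') {
        Write-Output "Keeping $($m.Name)"
        continue
    }
    if ($Enforce) {
        Remove-LocalGroupMember -SID $AdminsSid -Member $m -ErrorAction Stop
        Write-Output "Removed $($m.Name)"
    }
    else {
        Write-Output "Would remove $($m.Name)"
    }
}
```

Run it without `-Enforce` first and review the "Would remove" lines, since the global account from steps 1 and 2 is removed along with every other domain principal that is not Domain Admins.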