thehorse13,
Now, let's not even get into the various security issues of people installing vulnerable versions of real player, winamp, etc., especially when they end up on disk images
That's why we have each user on our network set to limited accounts. They can't install squat (and we like it that way). Sure, we get grumbles but, at least the network stays clean.

I've been using my method as of late (for quick Admin tasks) and it's working fairly well. I don't need much in the way of remote administration because the farthest user computer is about a 200 foot walk. I have taken what you said under consideration though and plan on reviewing security policies comes Tuesday morning. (yeah, I'm taking Monday off damnit, I need it)

What security policies do you feel should take priority? Domain policy? DC policy? Local policy on each user computer? I'm not really looking for a tutorial here, just a recommendation for which policy would have the farthest reaching effects. I'm guessing by default, the Domain/DC policies would obviously be the most potent but, I'm not a huge fan of messing with system wide security policy for trivial admin tasks. Again, thanks for the replies.