hey guys but I dont think that the administrator would sit on the client pc for working and I certainly do agree that its not possible to restrict or deny some of the builtin accounts like admins, power users,etc. Moreover if u are denying administrator or the so called builtin accounts you could face some problems just as Timmy said and I feel that denying is not required if u are able to remove the option or at the worst case disabling that option.

If you are able to remove the option then certainly u will be able put it back at the time of requirement(I GUESS, since I'm not sure wether a registry of a remote system can be accessed or not but then I bet this could be achieved by using third party softwares.)

I thing I like to mention is I KNOW HOW TO DENY USERS AND TO DENY WHICH CONSOLE I NEED TO OPEN.

Once again plz dont teach me how to deny.