I completely agree with keeping things tidy. My only issue is that we have a small (less than 30 people), and about 10 of these people are techs or management. I can't, and wouldn't refuse to give a tech local admin rights, I would get my @55 ripped for taking away the managers powers, but don't want anyone to have rights to access our old domain, or jack with someone else's machine as them. I don't know if that all made sense lol. I just want to limit the amount of admin rights that I give certain users, while denying others admin rights all together. Thanks so much everyone for your input. I think that I have the idea now. All that's left is the doing!