For reference our Head of ICT only has teacher level access.
Having said that a better line of discussion is "What exaclty are you trying to achieve?" As them to list the things that they need to be able to do and you will see if you can do it without giving them domain admin rights. i.e. through NTFS permissions and delegeated control as has been mentioned.
I'd also point out that with domain admin rights they could go through everything if they wanted to. Even if you blocked their access they could take control and change the permissions.
Why do they want admin rights? what have they told the head they are going to do with admin rights?
at our school, when i started all the "admin" staff (i mean the lovely ladies in the office) were domain admins, along with all of the it teachers and a few other random teachers.
the admin staff were because apparently "that is the only way sims and fms will work" :rolleyes:
the it teachers were because they were it teachers.
which was great because all staff were sharing a redirected start menu, and the it teachers quite often decided to uninstall software from computers, removing the shortcuts from everyones start menu.
conficker infections were rife as all these domain admin accounts automatically had access to the C$ and admin$ shares on all the machines and could create schedulded tasks.
new folders would randomly appear and existing ones disapear from the shared area.
loads of other problems, I go on,
Quod erat demonstrandum.
Originally Posted by oxide54
setup a child or seperate domain.
and make her domain admin of that. Problem solved! :cool: