I'm gonna assume his laptop isn't on a domain, since his user account is an administrative level account (as you pointed out with the admin group stuff) he can just go back in to the security permissions screen and allow himself access again...It'd seem like this shouldn't be possible but in the computer religion (which all computer geeks/nerds follow) rule number one is "The Administrator is GOD, and as such has godly powers"...hope this helps
|