A little background and info: I support a number of people who for one reason or another need to be able to do things a local admin can do like install programs and start services (or more accurately allow a program they're running to start a service). All users are in the local administrators group. The local admin account is enabled (and renamed) so that we as administrators have local access when the machine comes in for service. The machines are joined to a AD domain so that we can control a lot of the security via GPO. Everything worked fine in XP. We are getting a few different "you do not have permission" errors. When the user tries to run OpenAFS (which starts a service) they get a "you do not have permission" error. There is no way around this error. Also, when the users try to run Lotus Notes they get a "you do not have permission" error. When we go into compatibility mode and check the "run as administrator" (or just right click and "run as administrator) it works fine, but they have to click the elevated privileges. The program was installed while logged in as the user. Again, all users are members of the local administrators group. When the local admin account logs in all these programs run fine. This behavior started in Vista and I chalked it up to "vista sucks". Windows 7 so far seems to be great, except that like in vista, members of the local administrators group are not really local administrators. How do I make them true local administrators?