I've run into a small problem at work. In order for all users to be able to do pretty much anything they want to on their machine, we added the Domain Users group to the local administrators group on each PC. Seemed like a good idea at the time, since it kept us from having to custom configure each user as a local admin (especially when 10+ high-turnover employees accessed a particular machine). The problem now is I've noticed a user can browse to another PC's hidden shares, which are set up by default in XP. In other words, someone on computer XY could get to computer AB simply by typing \\ab\c$. They would then have unrestricted rights to THAT machine as well. Granted, your average user doesn't know about hidden shares. It was suggested that we just disable the hidden share, but I've found it to be extremely useful as a network admin. Can anyone offer any suggestions that take away this privledge from the typical user and leaves it in the hands of the network administrators?