And in response to kevriley, I think you likely get in hot water for making changes to Local Security as it would effect all none admin users of that server which may be undesirable.

Any changes such as this really should be made through and Active Directory GP or Global Policy. Most importantly, if this doesnt make sence DONT DO IT!

You could quite easily turn something on or off or lock certain people/pragrams out and find yourself in even deeper.... umm... trouble.