i have a user who knows how to access other workstations local drive remotely by using c$. at the same time, the person also knows a domain admin account and uses it to be granted access to the remote drive. i want to restrict that user from accessing remote drives of other workstations but not restrict the shared folders that is allowed for him to access. aside from changing that password of the domain admin account, what else could I do to restrict the user?