Win 2003 Server Domain Security [Archive] - SpeedGuide.net Broadband Community



amirabbas
03-07-07, 03:20 AM
I have a domain environment with Windows 2003 Server. I have 10 DHCP clients.
Is it possible to implement a policy to restrict the domain administrator from logging in to the domain from the DHCP client?

ErikD
03-07-07, 09:37 AM
I don't think so, but why would you want to do that? It is better to just change the Administrator account name and use a secure password, and guard that. You will eventually need to do administrative tasks on end workstations, and if you block the administrator account from logging in then how would this be done?

I suppose that you could use group policy to prevent local login of that account. But this would be applied to all computers, including the server. I don't know of any way to apply a GPO to just DHCP clients.

amirabbas
03-08-07, 01:37 AM
Thanks for answering.
First of all, I cannot change the Administrative Password because of the SQL and so many reasons.
How about I make an Organizational Unit and put that specific DHCP client in that OU and then implement this policy? Will it work?

ErikD
03-10-07, 08:55 AM
I kind of doubt it. Windows is designed to always have an Administrator account, so trying to remove it or block it is probably not going to work. I still don't see the point of locking out the Administrator account. On a typical domain you just wouldn't let the admin credentials into the hands of a general user, or anyone who shouldn't have those rights.

The allow logon locally GPO is a list of users who have rights. This means you need to create a whole group of people who would be allowed but that the administrator isn't a part of. Plus if you look right on the policy editor it says Administrators MUST have the logon locally ability. What is the security issue you are trying to take care of?

BTW you can always change passwords regardless of what services run. If SQL is using Windows-based authentication it will pick up the change. If it is using SQL-based authentication then it is totally separate from the Windows password.
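
The logon-rights policy discussed in this thread can be checked offline before a GPO is linked. The following is an added example, not part of any post: it parses the `[Privilege Rights]` section of a security template and evaluates "Allow log on locally" against "Deny log on locally". The sample template, its domain SID and the function names are constructed for illustration.

```python
import configparser

# Constructed sample: the [Privilege Rights] section of a security template
# (GptTmpl.inf format) as it might look in a GPO linked to a workstation OU.
# The domain part of the last SID is a made-up placeholder.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512
"""

ADMINISTRATORS = "S-1-5-32-544"        # well-known SID of the built-in Administrators group
ALLOW = "SeInteractiveLogonRight"      # "Allow log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny log on locally"


def parse_rights(inf_text):
    """Return {right_name: set of SIDs or names} from [Privilege Rights]."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep the right names' original case
    cp.read_string(inf_text)
    rights = {}
    if cp.has_section("Privilege Rights"):
        for name, value in cp.items("Privilege Rights"):
            # SIDs are written with a leading '*' in the template
            rights[name] = {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return rights


def can_log_on_locally(rights, token_sids):
    """Allowed if any SID in the token is on the allow list and none is denied."""
    token = set(token_sids)
    if token & rights.get(DENY, set()):
        return False  # an explicit deny overrides any allow
    return bool(token & rights.get(ALLOW, set()))


def findings(rights):
    """Flag a template that would lock the Administrators group out of the console."""
    out = []
    if ALLOW in rights and ADMINISTRATORS not in rights[ALLOW]:
        out.append("Administrators missing from Allow log on locally")
    if ADMINISTRATORS in rights.get(DENY, set()):
        out.append("Administrators listed in Deny log on locally")
    return out
```

With the sample template, a token that carries the denied domain-group SID is refused even though it also carries the Administrators SID, while the Administrators group itself keeps its console logon right.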