For some reason, any user that logs in is given local administrator rights. This of course is a bad security risk. What do I need to change in the group policy to stop this, and what is causing it? I do not remember it being this way.
More aboutdomain users local administrator rights
Try to modify this on the User Computer...
Start, Run, Control Userpasswords2, Select the User, Properties, Group Membership...