...
This, however, relies on the assumption that the end user does not know the administrator account credentials. If the user gains access to this information, it creates a significant security vulnerability within the network. Therefore, you can use DualShield to further protect the admin credentials by adding a second authentication step, just like you have for Computer Logon.
This guide assumes that logon to the end user's computer is already protected by the Computer Logon Client. It also assumes that the appropriate token has been assigned to admin user's account.