Odd.. made me go back and check our Login script as we use the @PRIV macro for generic privelege checking, mostly to display a message to users with admin rights.

I logged into 3 servers as an admin and @PRIV detected me being a domain admin and displayed an "Admin Alert" message. I then logged into a dev server with my non-admin account and did not get the message. Logging into my local workstation (where I am a local admin) with my regular account, the script used the logic in the LocalAdmin UDF to properly detect that I was a local admin. These are Win7, Server 2003 and Server 2008r2 systems, and @PRIV seems to work for all Domain Admin logins, and LocalAdmin() UDF works as well. Here's the Debug Dump from the login script on the DC:
 Code:
NAC Checking is ENABLED.
=========================================================
2012/09/07  -  13:41:06
          Kixtart: 4.62
          Version: 2.8.1_ts
         INI File: C:\Temp\2\login.ini (cached)
             User:  / Administrator
         Language: (1) / English (United States)
           Locale: 1033
      LoginServer: \\ICDCP01
           Domain: CORP
       User OU DN: DC=corp,DC=itcg,DC=lan
   User OU Offset: 0
          User OU: corp
  Wkstn OU Offset:
      Wkstn OU DN: OU=Domain Controllers,DC=corp,DC=itcg,DC=lan
         Wkstn OU: Domain Controllers
       Logon Mode: 0
           Laptop: 0
     Detected O/S: Windows Server 2008 R2  / Version 6.1
        Privelege: ADMIN
  Local Privelege: Admin
        ScriptDir: \\corp\netlogon / \\corp\netlogon
         StartDir: \\corp\netlogon
     User Process: 0
     Session Type: RDP-Tcp#0
      LP Hard Map:
      Debug Level: 1
The results from my workstation are slightly different:
 Code:
     Detected O/S: Windows 7 Professional Edition / Version 6.1
        Privelege: USER
  Local Privelege: Admin
This shows that my @PRIV is USER, but local privelege is Admin.

The code I use in our login script is something like:
 Code:
If InGroup(@WKSTA + '\' + SIDtoName('S-1-5-32-544')) - 1 + @INWIN
  $LPRIV = 'Admin' 
Else
  $LPRIV = 'User' 
EndIf
$IsAdmin = InStr(@PRIV + $LPRIV, 'Admin')
This sets $IsAdmin to true if either Local ($LPRIV) or Domain (@PRIV) admin rights were detected.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D