One of the features that we want is for an administrator to unlock the computer, but when doing this, any administrator on the PC can unlock it. Therefore if the same PC is used by several users with administrative privileges, they can all unlock the PC if it is in use by another user. I would like to have the ability to have only “domain administrators” unlock the pc. Hope this makes sense. Is there a way to limit who can unlock the PC as administrator?
Yes, Screen Pass admin override can be configured so that only Domain Admins can unlock the workstations. Make sure the "Allow local admin unlock" setting is turned off, see attached image.
Also make sure that the "Enable ADS admin override extensions" is turned off. This feature is useful only if you want to allow OU specific administrators to have Screen Pass unlock rights.