In my previous blog post, I brought up a subject many of us would just as soon not think about: how easily a privileged user can totally hose your Active Directory. I described one method there (changing deny logon rights) and promised two more. Ready…