What is the best way to prevent access to the server console. Have an admin, who's account is at the top of the tree and I would like to block access to the server's console, but only that.

I have tried several ways with no luck, but the closest was as follows:

Set the admin as a trustee of the container object; assigned all rights, except S, for "Attributes" and "Entry"; Added "ACL" property and unchecked all boxes. Admin is also not listed in the Operator tab of the server object.

That pretty much does the trick as far as restricting access to the console, but unfortunately it does create a file system problem. The admin is unable to see the directories in all of the volumes. This problem is visible in ConsoleOne and via Windows browsing. Volumes show up empty.

Appears that disallowing the ACL property affects that... so is there a way around that.