For a PC that runs WindowsXp Pro and being a member of a domain, can we
really protect all the files within a certain local hard disk folder
(including its subdirectories) from unauthorized access?

If the following are requirements:
- the group of domain administrators is always (in this case) set as one of
the local pc administrator.
- As usual, we have to allow the domain adminstrator to reset the user's
domain logon password
- access by the Domain administrator group has to be restricted too.
- these files cannot be accessed remotely by any person, including the
administrators
- The local, build-in Administrator account has a password known to the
Domain Administrator
- For example, our Finance Mgr is the only person to access these files and
we want him to be the only person having the key to those files.

My guess the following may be a solution (not too sure if this is correct ):
- while in the Domain user logon, create a folder XX with access restricted
to the domain account user of our Finance Mgr only
- at the end of a day the user must log-off from the Domain user account
- sign-on the pc with a LOCAL user name (not Domain user name) where he is
the only person having the password
- create a special folder LL, under C:\ drive
- set security/share permission to allow access to this folder by the
finance manager local account (who is the Creator) only
- create/move those files from other directories to this folder LL that
requires top-access restriction

I think the above should give the require security but I can't resolve one
problem (actually not sure if there is such a problem), The problem is: when
he needs to go back to the domain, (which is always the case) , can he access
or copy back these files from YY back to LL easily? If it prompts to enter a
password for the local user account, that is not a deal. But if not, is there
a solution?