amkahal wrote
another question came to my mind, what is the reason (or the right) that lets the admin access all my files, note that my PC is a part of a domain but i log on to my PC locally, is this reason enough to be able to get full privileges on my PC ??
On Windows machines, when you join a domain, the domain admin gets Administrator access to your computer, just like the local Administrator. He can log into your machine using his domain admin username/password and have access to all the file, just like the local Administrator account. He can also do it remotely, and can access therefore your files without having physical access to your machine.
It is built into the Windows OS. If you can log in as local administrator, you might be able to change some things to block that (I'm not sure what), or you can simply remove your machine from the domain, in which case the domain admin cannot log into your machine anymore, but it might have lots of side-effects, especially if you use a lot of network shares to transfer files, etc, not to mention attracting the attention of IT.
One of the reasons it is like this is for domain admistrators (IT personnel) to be able to install updates on your machines, perform backups, etc. (also remotely) without needing your password every time. The Microsoft domain system was designed for corporations and this might also be a consequences of the corporate philosophy/thinking (as pointed out earlier by d3ad) that they own everything inside their offices, including to some extent you (the employee)!
IT personnel anyway like this feature because it allows them to push updates, install software, do backups or in general perform maintenance without needing to contact the user every time. Good ITs don't go snooping around user's data - they have better things to do, but you never know, so be smart.