Era, if no_root_squash is not set (meaning root squash = on), then it does this by default. Still the user with local su rights can change his userid he uses to mount the nfs drive. Some people with home directories there have su rights. If someone manages to login as someone who has su, then bad, bad things could happen. See
Security and NFS for a more detailed explanation.
I was thinking it could work by giving those who want local admin in Linux no nfs access, but rather samba access, the same as Windows users. (slower, but secure)
Vidyahar85: thanks for trying to be helpful. Unfortunately it is in a network where we can't cross our fingers and hope it works.
NFSv4 has Kerberos authentication, but I am not sure how that could be used to ascertain that the id of the user doing the mounting is that actual person. Anyone been using this?