So were still running Windows XP in a 2003 AD enviroment and idealy we want to lock down the users to well just users. But due to dodgey programming or security reasons we need to add around 5% of users to a special group called LocalAdmins which is added to the local administrators group via a GPO.
Now the catch is that because they are part of this group and the it's domain policy, means that they have local admin rights to all computers (Servers are blocked). Now Idealy we could add there domain account to the local administrator grou on the computer, but the domain GPO will strip this out!
Does anyone know of a way / best practice to make users an admin of 1 computer using a centralised method?
Thanks in advance.
Now the catch is that because they are part of this group and the it's domain policy, means that they have local admin rights to all computers (Servers are blocked). Now Idealy we could add there domain account to the local administrator grou on the computer, but the domain GPO will strip this out!
Does anyone know of a way / best practice to make users an admin of 1 computer using a centralised method?
Thanks in advance.