I need a group in my Active Directory which allows users in that group to have full rights to the machine that they log into (local rights), but no AD or network rights. Is this possible?
You will have to create such a group. But you can use Group Policies to adjust the membership so that this group will have Administrative access to the workstations in the environment. However, if you are trying to imply that this access is dynamic in nature -- that is that you log on to a workstation and have admin rights, but when you log off the rights are removed -- that could be very tricky and require some scripting.
This Content Component encountered an error
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.