By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
I need a group in my Active Directory which allows users in that group to have full rights to the machine that they log into (local rights), but no AD or network rights. Is this possible?
You will have to create such a group. But you can use Group Policies to adjust the membership so that this group will have Administrative access to the workstations in the environment. However, if you are trying to imply that this access is dynamic in nature -- that is that you log on to a workstation and have admin rights, but when you log off the rights are removed -- that could be very tricky and require some scripting.