By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
I need a group in my Active Directory which allows users in that group to have full rights to the machine that they log into (local rights), but no AD or network rights. Is this possible?
You will have to create such a group. But you can use Group Policies to adjust the membership so that this group will have Administrative access to the workstations in the environment. However, if you are trying to imply that this access is dynamic in nature -- that is that you log on to a workstation and have admin rights, but when you log off the rights are removed -- that could be very tricky and require some scripting.