Would like to use Restricted Groups to standardize the local
Administrator group as much as possible. However, on SOME PCs I have
to have non-standard domain users with Administrative privileges.
I THOUGHT I could get around the "wipe and replace" behavior of
Restricted Groups by having it add a local security group to the local
Administrators group (add the local group but not specify the
members). It LOOKS like it is working. The local group is in the list
of Administrators in the GUI and in "net localgroup Administrators"
however the domain users contained in the local group cannot perform
What am I missing?
Is there a better way to get some flexibility of Administrators on a
case by case basis?