Currently we have a User Admin GPO using Restricted Group that has Group = BUILTIN\Administrators and have Members =
My goal is to have some of the users be local admins only their assigned machines and accomplish this via GPO. So they should NOT be able to log in to another machine and still be admin, they should only be a local admin on their specific assigned machines. How can I achieve this? I'm assuming that it has to revolve around adding the computer name or something possibly? Right now if I add them manually to their machine and the machine reboots they lose their admin rights.