Yeh I know its a crazy mad back to front question and why on earth would you do it as it defeats the object of having the domain users in the domain users group.
The company I have just started work for, have an ancient 16bit application a little bit like CAD well it functions the same as CAD as it happens, its just no where near as good as CAD, and it only works correctly if,!!! (get this) you are a member of the PCs LOCAL ADMINS GROUP, its all red tape as they would love to buy a decent app but someone must be getting a big back hander to keep it, as they have to use this ancient 16bit app, dont ask!!!.
They are moving over from a peer to peer shortly to a full blown 2003 domain with XP clients.
Im trying to figure out how to allow these engineers who use this program to be able to use roaming profiles so as to allow them to roam obviously but also to use this ancient annoying app.
Im not even sure if I can add DOMAIN USERS to the PCs LOCAL ADMINS GROUP and if I can not to sure how, as Ive had a look but cant see how. Also the security implications could be mind blowing (normal domain users in a Local admins group).
If this is'nt possible maybe group Policies might get round it.
IF not we may simply have to designate certain PCs to be only used for this APP, which will not be a popular decision.
If anyone has any alternate suggestions I would appreciate it.
Also is it actually possible to add Domain Users to the PCs local admins group and if so how.