I have a group of users in my Windows 2000 Server domain named COMPANY, who are experts enough to bother with all things.
At the beginning I had them as Domain Admins. Currently I restrict them to Domain Users. What I am actually looking is to give them access as if they were Domain Admins, but DENY them altering TCP/IP properties, gateways, joining other domains, and generally anything that has to do with altering the network thingies as well as registry.
Is there a way of allowing them everything apart from these, and how do I do it?