I've created a domain user account to which I would like to delegate some administrative rights so that he can manage a particular OU. On the GPO for that particular OU, I created a Restricted Group named (Administrators) and added that domain user account as one of the members besides the Domain Admins. For the field "This group is member of" I put "Administrator" there as well.
Yes, the GPO was successfully deployed to each and every PC. The problem is, I only want this domain user to be added as a Local Administrator, but the restricted group I created indirectly added this domain user as a domain administrator. How should I go about it? What is the best approach for this?
Btw, I'm running on Win2k Server and the clients are mostly using Win2k and XP.