I am operating in a single domain in a single forest. I have a user who does not need to be admin (in fact, he has created so many problems we need to remove him as an admin. (i.e. giving domain admin privileges to users so he can install their palm desktop software).
This may be simple for many of you, but for me as a newbie it has presented a challenge. I need this information asap! I have to configure rights for this user who needs to be able to do the following:
Add computers to domain (but not domain controllers or member servers)
Add printers to local machines
Account operator, but NOT for Administrators (He should be able to create/modify users but not be able to add admin privileges or take them away for anyone, including himself)
Do IIS management
Do Exchange management
Add/modify/delete folders on the server
Be an administrator on local machines
Many, many thanks in advance!!