I have been struggling with this one. How can you, by Group Policy, add a certain global group as administrators to local machines. I have a desktop guy who's not ready to be a domain administrator yet I would like him to add/remove workstations to the domain and create user accounts and such. Anybody have a efficient method of achieving this? I read somewhere on EE that this was possible by using 'Restricted Groups' under computer configuration but when I looked there it wasn't very intuitive!