I would like to give an OU (help desk) the ability to install and remove programs. I don't want to give them any local machine rights unless they are temporarly granted through the GPO without them knowing the name and password.
In this case, I do not want to publish the application through AD or give the help desk local administrative priviliges even though I can reduce their access to only installing programs.
I don't want them to have a "run as" account or a general account for this.
This is a 2003 AD with XP Pro on the desktop.
Thanks for your help.