Greetings, I have created a user group in Active Directory (Grp1) and I want to grant the users in this group the privilege as local administrators on a particular machine. I placed that machine in a separate Organizational Unit in Active Directory and applied a Group Policy Object on that Unit. In the Group Policy Object, Under ComputerConfiguration>Windows Settings > Security Settings > Restricted Groups, I added a new Group "Administrators" and in the "Administrators Properties" I added "Grp1" in the "Members of this group" box.
My goal is to allow these users of this group to log in as local administrators on the machines inside this Unit ONLY. Did I approach this in the right way, or did I give them too much permission. I noticed that they're able to access shared folders on the network where "Grp1" doesn't have security or Permission rights. Thanks.