I need to add the users to the local administrator group on their workstations. I know that this represent a security risk but I have no option. This is for a computer lab in a small university. The users need to be copying files to their flash drives and since they do not have local administrator rights they are not able to iinstall the flash drives. They need to get a person from IT to log as a local administrator. I need to do this in the safest way. What can I contol with GPO or any other way to give the user log in as local administrator the minimun control over the network resources. For instance I don't want then to be able to go the dos shell or to install executables.
Thanks for your help