This seems like an easy thing to do, but I can't figure out how. I manage the network for a school, and would like to give staff members administrative rights on their computer and the computers in their classroom but not on the rest of the network. The main trouble they run into is being unable to install programs. They can get around this by logging onto the computer rather than the network, but the problem is that some of them have decided that logging onto the computer is easier and now do that all the time. I want them to log onto the network so their logon script executes and so that server programs and services can more easily be deployed.
We have a Windows 2003 Native domain.