We have a domain with Domain Name "DOMAIN" and print server "PRINTDC and I would like to know the following things:
1) add all my support group (this is a Group with name "support" to which all support staff is added/member of) automatically to local administrator group of pc's (which are connected to domain) when ever they login to any pc in the domain (for there daily work) I don't want to grant them domain admin rights, so for this do we need logon scripts (is yes then please provide the script and how to apply it) or we can do it with restricted group policy (if yes please provide how to configure it),
2) Support staff require the privilege to rest the password of users and take the pc's into domain I don't want then to login to the server so how can we give them this privilege,
3) There is a print server (Example: "PRINTDC" is the print server and member server of my Domain Controller "DOMAIN") where all the printers are configured I would like to know is it possible that my support team should have the privilege to configure the printers without able to do anything on that print server and I don't want to give them admin rights (they should not able to modify any configuration except just configuring printer or updating the drivers of the printers).
Please provide your suggestions according to the points mentioned above,
Thanking you in advance,
Thanks & Regards,