How do we set up about 3 users through group policy or AD to have local admin rights on all computers that are on the domain except for domain controllers? This is for a company that has 1 SBS 2003 server, 1 Terminal Server, and 1 File Server. We do not want them having those rights on the servers, just the local computers that are joined to the domain. All of the computers are Windows XP. We don't want the other users to have local admin rights, only a select few. We have tried several other posts yet nothing seems to get us where we need. The other posts tell us to create a new OU, add a group, then add that group to "administrators". The issue is that they then are administrators of the domain and the servers, not just the local pc's. Thanks in advance for any assistance!!