A Developer needs to be able to see what files are open on the file server (Windows Server 2003) in real time. Previously and on other Servers he has local admin rights which allows him to do this via the Computer Management console. We can't do the same thing on this server as making him the local admin will give him permission to user files that he isn't authorised to have access to. My goal is to somehow allow all the functionaility of Computer Management but without admin access to any of the user files on the server.
Removing the local admin groups permission from the user files is not an option.
Perhaps some group or local policy?