Right now I'm running a winodws 2000 domain. I want to give my four help desk users the ability to do the following ONLY
-Able to add / remove a pc to the domain.
-reset user's password. but cannot reset domain admin or service account password
-is a member of the local admin's group on all workstation and not on servers!!!!!!!!!