I would like to have the following privileges for a set of users in my AD.
1. They should be able change network settings.
2. Should able to install/uninstall softwares.
3. Should able to log on locally to their systems.
4. Should have access to the control panel items.
I want to achieve these though a group policy. I do not want to make them to any privileged groups like domain admins, network admins etc.. I need to set it up the lap tops of our newly appointed maintenance engineers who should have the above facility. I tried a few things but it gives them more privilege than I want.