Before you start, I have read all the frightening information about granting domain users administrative rights to their local PC's. I am aware of the dangers, but I am also aware of their needs. What I am not aware of is how to accomplish the task at hand.
I have two different networks with Windows 2008 servers. I am able to use the GPOs to perform all the drive mappings based on group membership.
What I am trying to figure out how to do (successfully) is to permit "Domain Users" to have administrative rights to the local machines. I have followed a couple of suggestions and they simply do not work. I then read about the dangers of modifying the Default Domain Ploicy (which is what I have been doing for the drive mappings) and became concerned.
So my question is this:
I need to know the proper "safe" way to create GPOs that will allow me to map drives and grant domain users local administrative access without adversely effecting my domain security.