Hello i need help with my GPO SETTING in my enterprise (single forest) i have techninician people who when they join a computer to the domain they put it in the Computer container and give the users Local Administration rights on the computer. so to avoid that i created an OU called Stock and now i want to design a GPO so that these TECH GUYS WHO BELONG TO particularSecurity group won't be able to put the users as Local Administrator of their computer when it's inside the STOCK OU. I don't want them to be able to do any thing to the computer once the Computer is in that OU
I know i can use restricted Group but i'm confuse about the Group and member Of interface
I need help on my GPO settings, Delegations etc ....