WE are migrating from NT4 to AD. At the moment domain users are in the local administrators group. Due to the timescales for migration I have decided to use a restricted group and allow only intercative user to be in the admin group. So when the user logs off they will not be able to have admin rights on the PC from a remote location. We have serveral developers that work in a test area, they will need to RDP to their own PC and check email, docs etc. How can I only allow that user to RDP to his/her own desktop using GPO? Is it possible?