How to grant specific permissions to domain user accounts without adding them to Domain Admins group
Posted on 2012-04-12
OK, I am sure this has been addressed before, but I am in a hurry and cannot find anything on it.
Can anyone direct me to links or explain how I can give domain user accounts the necessary rights to add/remove computer objects from the domain and other rights that they may need to perform MS updates and install applications, like Flash Player, Adobe Reader, etc. without them being part of the Domain Admins group? Which is what they are right now. Or is it just too much hassle to manage and just leave them as Domain Admins?
Hopefully that was clear.
Thanks in advance.