Currently we have a group policy applied to all our desktop OU's that adds the following groups to the destops restricted groups:
NT AUTHORITY\Authenticated Users
BUILTIN\Remote Desktop Users
The issue is we want to give the desktop support team the ability to add a single user to the BUILTIN\Administrators group if needed without Group Policy removing it. Please let me know if there is a way to accomplish this. Thanks in advance!