I have large network with mostly xp users and some win7 users. I want to give some users local admin rights to their computers from Active directory. I have tried creating a GPO and linking it to an OU containing the target computers. Then in restricted groups of the GPO I added the group I wanted to have local admin rights, but when the user logs in they also have admin rights to the server and all the shares. Is there any hope?