I would like to create an account for a third party individual to allow them to access any domain pc and have local administrator rights only, NOT domain admin rights.
I was thinking that this was done if you made them a member of the xxxxx.local/Builtin Administrators group. Is this correct?
Is there a better way to allow the user 'local administrator' rights on to domain pc's and not domain controllers or even any member servers that we might have?
Please let me know as soon as possible.
Thank-you in advance for taking the time to respond back, it is greatly appreciated.