I am looking to lock down some more junior administrators on site. I am pretty familiar with the Delegation wizard and was looking to use this for the more basic tasks - Ultimately in some cases I want to remove the Domain Administrator rights.
I am looking to achieve the following and would appreciate the experts view on this:
Admin needs to be able to add remove users etc - Delegation Wizard any need to create custom task pads?
Admin needs to be able to install drivers locally / remotely using RDP - Restricted Groups?
Admin should NOT be able to create or link group policies.
Admin should be allowed to add and manage print servers / file shares
Admin will need to be able to create administer mail boxes in Exchange 2010
I was looking to create a new Security Group Junior Admins - add that into restricted groups (adding rather than replacing) to provide local admin rights over the computers / servers within OU's specified.
Does anyone solutions to the other aspects above?