I'm looking for a way to grant users in our domain temporary local admin rights so they can install software or make a change that's only allowed by a local admin.
I know through AD/group policy i can give them local admin rights but that would require having them log out and back in. Then i would have to manually remove their rights.
Ideally what i would like is a tool on my AD server that i can say 'user xyz has admin rights for the next 30 minutes' and it would apply without requiring them to log out (or if they had to log out and back in i can deal with that). Just dont want to add them to security group then remember to remove them later on, etc.
Needs to be something we can do quickly so if a user calls in and says 'i need to install a software asap' we can give them access right away.
Any suggestions on this?