How do I add few users to all domain client computers uing GPO? I know I can add a GPO under Restricted Groups and the group belongs to adminstartors. The problem is that will also make them the domain controller administartor and they have full access to their own account to add themself to domain admin. I just want the desktop support tech able to have admin permission to all client computers. Thank you in advanced for your help.