I have a user who is a member of Active Directory (server 2008). His workstation is windows 7.
I need to give him permissions to install his own software updates (he has an electrical program that has updates randomly throughout the month that needs admin privileges to install) .. Now I don't want to make him an admin.
I was thinking of adding his Active directory user account to the "power users" group on his local computer.
That should allow him to run his own updates on his machine, right?
Will this give him permissions to make changes to other network based systems or just changes to his local computer?
Is there a better more secure way of doing this?