I tried earlier to get the needed information on this at:
https://www.experts-exchange.com/questions/29156187/Assigning-Rights-in-a-small-domain.html
I didn't quite get what I needed and had to press on.
I now have a couple of IT folks who are set up as Account Operators at least.
But this isn't adequate for them to get the Windows Firewall Rules set up on a new computer.
I've only been able to do that as a Domain Admin - which I don't want to do and don't want THEM to do.
What minimum Membership (or other settings or privileges) do I need to give them to be able to adjust the firewall (and other things in setting up a new workstation?).
Server operators get system access.
You could use GPO with a sevurity group that is added as local admin on workstations.
Restricted group.
Firewall settings can be managed through GPO