Is there a way i can create domain account where a user can make changes on a domain computer such as add\remove programs, add\edit\delete files within the root, but not be able to use that account to join a computer to the domain, or log into the domain server.
not a server, a domain computer. ex. a computer used to check in people at the front office at a business that is part of a domain…….i’m assuming i should have said a computer joined to the domain???
I don’t want just anybody in the IT Dept. to have access to log into the DC. I only want them to have the ability to log into a computer joined to the domain, or a computer on the domain…(by the way, how in the hell Do i say that? sounds weird.) and make any changes that they need to, except for having the power to log into the DC, or join a computer to the DC.
Like a power user or something like that. I’ve seen tons of answers on the web, but none seem to be specific to the point. I would assume this would be a common request by IT administrators…..or not?