i am running a win2k3serv domain, with 2 servers. one is a DC, dhcp, dns, other is application server.
this is a very basic question, but i cannot think of the answer:
i have 2 techs working under me, i want them to handle all desktop support throughout the network. therfore they need to have admin rights on each machine with there domain login.
so i put them both in the domain admins group, this accomplished my needs- they are local admin equivelants at any machine they log on to.
the problem is that i do not want them to have admin rights on the servers, but they have same rights on them as client machines.
what can i do?
thanks for the help.