Delegating Add/Remove program authority

[Guest]

We have a user that needs to have the right to add/remove software on a
workstation on the domain. At the moment the user is added to local
administrators group manually but is there a way to allow the user this right
via AD. I have looked through delegation and GPO but can't seem to find that
option.
Thanx

 

[Paul Bergson]

You could use restricted group
This user/group is a member of

Only apply it to the specific machine. Since it is only for 1 machine it is
not a good idea to use a gpo. I would stick with doing it manually.

Computer Configuration
Windows Settings
Security Settings
Restricted Group
Group - Blah Blah is a member of Administrators

Unless you restrict this to a specific machine this group (Blah Blah) will
be a local admin of all machines that apply this gpo

 

[Guest]

Thanks Paul,
I think I understand the principal but I am not too sure about the setting
up.

Firstly as this user frequently re-builds this machine I would like to use
the GPO and it also could apply to other machines too. The user and machines
are located in an OU called OED I have set up a GPO for OED. The user
"oedbuild" is in the OU as is a global group I created called "Becomes Admin"
with "oedbuild" as member (not sure if i needed this). I then followed the
instructions for restricted groups as your thread but when I came to the bit
where it say's add group not sure which group I put in there? After that I am
presented with Members and Members of. What goes in which bit. Sorry to seem
a bit basic

Craig (Kitey)