How do I apply a GPO to an individual user for his computer only?

[buck614]

Domain: test
OU: Helpdesk
User: bob
Computer Object: helpdesk-bob

Let's say I have a domain with a handful of Organizational Units.

The Organizational unit in question is 'Helpdesk'.
All user and computer objects for the Helpdesk are in the Helpdesk OU.

What I want to do is use the restricted groups option of the GPO
settings to allow 'Local Administrator' access to the individual users
computer. I only want to apply this to the Helpdesk OU. I know I have
to set the GPO up from a WIN 2000 machine. Setting up the GPO itself
has already been done.

My question is, I want to ensure that a user in the Helpdesk OU, can
ONLY have Local Administrator access on THEIR machine. It seems to me
that ANY user in the Helpdesk OU would have Local Administrator access
to EVERY computer in the Helpdesk OU. I do not want anyone to be able
to log on locally to a machine other than there own. Is this possible?

Thank You,
Dave

 

[buck614]

Can anyone help me with this problem? Any help would be greatly appreciated.
Thank You,
Dave

 

[Henrik Johansson]

Place the computers in the helpdeskOU
Create a common GPO for all helpdesk-computers and link it to helpdeskOU.
Configure the GPO with some common settings which shall be applied to all
helpdesk computers.

Create a GPO for each computer and link it to helpdeskOU.
Configure the security for these GPOs to only allow just the wanted computer
to apply Group Policy.
Configure these GPOs with individual settings for the specific computer.