This is what Ive done:
Created a group named "Local Admin" and then created a GPO with Restricted Groups:
Group: DOMAIN\Local Admin
Member of: BUILTIN\Remote Desktop Users, BUILTIN\Administrators
So far so good, users get to do whatever they want with their computer...
I have a few problems with this setup:
* They can access other computers C$, all users can basicly do whatever they want to every computer on the network.
* When they create a folder/files on our network-share the owner is sat as: "Administrators" (Networkshare is a windows 2012 server)
q1: How do I do so that the user only got these privileges to the machine that they are logged in to?
q2: How do I get it to display who created the files and folders on the fileserver?