Windos 2008 sp2 environment. Would like to setup a user to be able to access a limited number of computers, without seeing the entire network or having access to the administrator password. Appears delegation might be my answer or i'm way out in left field. How do i let a user do this? How would the user obtain access to these computers? Thanks in advance.

Hi, Are you using a domain or a workgroup? In a domain environment, you can create a global security group and add the user, you then create another global security group and add the users. ou can then set a GPO to apply to the security group that contains the computers that gives the security group containing the user(s) the "log on locally" and/or "log on through terminal services." You can also log on to the systems manually and add the security group through the local GPO, but this is generally more administrative effort than is desired and necessary. In a workgroup environment, you will be limited to creating local accounts on all of the desired systems. -- Mike Burr

I'm using a domain - where can i get more info on what you are describing? Thanks again.

Creating and modifying groups: http://technet.microsoft.com/en-us/library/cc738263(WS.10).aspx For filtering a GPO to security groups, http://technet.microsoft.com/en-us/library/cc779291(WS.10).aspx User Rights Assignment: http://technet.microsoft.com/en-us/library/dd349804(WS.10).aspx Adding Computer Account to Group, http://technet.microsoft.com/en-us/library/cc780108(WS.10).aspx -- Mike Burr

I've created a security group and added the user who should have the ability to "log on locally" to the computer(s) in this group via GPO. This user can NOT. What have i missed or misunderstood? This seemed to be a simple task.

Figured it out.