Hi,

We are looking to remove admin rights (yes I know!) from staff but want to enable certain users to reapply for them. All great in principle but we are struggling with delivering this via DLU.

The policy states that staff can only have admin rights on their machine and any other machine they go to gives them user access.

So far we have tried the following to get this to work..

Applied a machine assigned DLU that sets user login to USER
Applied a user assigned DLU to the user that over rides the machine policy
This works but means the user can login to any machine as they have admin rights.

To attempt to get around this we have tried:

Applied a machine assigned DLU that sets user login to USER - no exclusions
Applied a user assigned DLU to individual users (one for each member of staff who requests DLU admin) and then excluded them from all machines and included the machine they are being given admin rights on.

This appears to work but actually they can still sign on to machines that they aren't supposed to have admin rights on.

The problem here seems to be the exclusion / inclusion rules on ZENworks.

Has anyone else managed to do this?

Neil.