Hello, long time lurker, first time poster here!
Tried googling this, but kind of hard to use keywords that generated results I need.
I am currently getting into group policy after getting my first job where I can actually utilize group policy/active directory to my liking, and I have an example which I believe best describes my concern.
Lets say I create a GPO that removes control panel to a number of users. One of these users at one point is doing something that requires me to adjust a setting in their control panel. Or if I have an OU set to not allow software installation, but then I need a piece of software on that machine. The ways I could think of doing this are as follows:
1. Remove them from the OU with the policy, and put them in a "free for all" OU which I would create for situations like this, log onto their machine remotely as their username, make the changes, save them, then go back on the DC and put them back in the original OU
2. Log into their machine with admin rights, make the changes, then log them back in (Issue with this is for some circumstances, such as IE settings, I don't think they would stick when I logged back in as the user)
3. Say heck with locking people down and hope for the best =P
Thanks guys and sorry if this is a noob question, I pretty much spend first couple years in IT doing smaller tasks (Virus removal, hardware swapping, troubleshooting user issues)