I'd head towards using PowerShell DSC. As ASB points out, you can grant the right to reboot fairly easily, but patch application will require a more finessed approach.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Friday, January 20, 2017 1:32 PM To: [email protected] Subject: Re: [NTSysADM] Adding *only* reboot right for domain user to a local host, remotely ... And you'd win that bet. :-) I managed to convince him that we will test this starting next week, and hopefully have it all in place for next month's patching. On Fri, Jan 20, 2017 at 1:50 PM, Michael Leone <[email protected]> wrote: > On Fri, Jan 20, 2017 at 1:11 PM, Andrew S. Baker <[email protected]> wrote: >> >> I see a fun weekend ahead. >> >> It seems that you have about 3 hours to test before you leave (as of my >> email). >> >> I'd be more willing to gamble on whatever limited testing results could be >> obtained vs an internet answer, if the "ideal" goal is to be achieved. > > You should gamble on me putting my foot down, and refusing to make > such a system wide change without any kind of adequate testing. > Especially when I am the only guy who knows another about Group Policy > here ...
