We are looking for a way to provide whoever logs into a PC local admin rights and when they log off, remove the local admin rights. We need to prevent the users from connecting to other PCs via mapping, thus the need to remove their admin rights when logging off. We tried adding admin rights at login, but since the user is not a local admin (by design) they cannot make themselves an admin. We have looked for script that "adopts" admin authority to provide the user rights, but have not been successful in finding one.
Users move around frequently due to filling in for others, so having IT set them up manually is too burdensome and by need in the industry, the user cannot be allowed to map to another PC if it is logged into by someone else.
I'm confused why you would want to do this at all. If they are not logged on to the PC, why does it matter if they have admin rights? If they are logged off, they are not on the PC so can't connect anyway.
I don't see why there would be an issue with someone mapping a drive, if they have no need to do it, who would think about doing it? Just for fun? You can just remove any shares on the computer, nothing for them to connect to.
i Do not think you can elevate your rights while log in.
for me some of this apps worked after giving admin rights over their directories/registry.
you can try using runas like "cpau" or RunAs Professional.
or using remote tools to set privileges like ms tool "ntrights".