Ie, the scenario is a school setting.

Ideally everyone should be just User and only admins, admins. But there
are cases where certain teachers should be Administrators, but just on
their own, designated, machines.

Ie a teacher should be admin on just his own machine, but not when
logging into a classroom one?

There is no way to make a rule that checks the machine "owner". Had
there been one, you could have used that.


  • Are you using DLU (Dynamical Local User) and therefore want to use it to make the teachers admins?
    Or do you distribute windows gpos with zcm?

  • Yes, DLU