Delegation wizard doesn't offer what I need. That seems to only be for AD controls, such as creating/deleting GPO's, etc.
As for Restricted Groups...
- Created a new GPO "TESTGPO" (Enforced it in the correct OU with the users/computers)
- Withing "TESTGPO" I added the restricted group "Group1"
- In the "Members of this Group" section I added "User1"
- In the "This Group is a Member of" section there is no possible way to add AD Built-in groups
With that being said...How do I give "User1" the right to only modify TCP\IP on every computer in the domain?
Again, "Group1" is a member of the AD Built-in group "Network Configuration Operators" and "User1" is a member of "Group1". I've never had to mess with the security of a group but I added Authenticated Users with Full Control, nothing.