I realize this may be a challenging request, but I've recently run into a situation where it would be very beneficial to have different 'connection settings' based on security group membership.
For example, the IT support group must have "ask user permission" enabled, whereas if an end user wants to connect from a conference room back to thier own PC it would be beneficial to have this feature disabled.
I have the same need.
Is there a way in the registry that you can prompt for a password if you do not have nt permission, even though the NT Permission setting is checked. I could then put application support empolyees in an NT group and allow veiw only. then give my help desk support a password for full control.