We normally do the following:
1. For each freshly created PC in AD, add a group to the PC that applies policy.
2. Manually add a domain group to local admin for developers that need it.
I think that I understand how to do #2 (Administrators001=DOMAIN\GroupName in my cs.ini), but I'd like to figure out how to do #1.
The main problem is that #1's policy will be renaming the local administrator account, so I need it to apply before the auto-login step in the deployment sequence (so I can have it properly auto-login and finish the deployment).
I did see this old post, but I was sorta hoping that there was something awesome built in by now, or something easier.