I have a mobile user who's been issued a company laptop and set up with a basic user account and a rather expansive list of restrictions due to prior cases of misuse. It turns out this user does legitimately need the ability to edit and set up new WLAN connections, however, and is currently unable to do so without entering an administrator password at a UAC prompt. They travel frequently and so encounter a wide variety of wireless networks at transit hubs, conference centers, hotels, etc.
Obviously I can't remote-connect to address this issue since there would need to be an existing functional connection in order for me to establish a remote session.
How do I allow them the ability to edit and set up new wireless connections without compromising the rest of the user lockdowns I've put in place? I do have access to GPEdit on this system, so I can definitely use policies if need be.