1. create an account that has domain admin rights
2. create & assign a login batch file
3. in group policy,
user config>admin templates>system>policy>custom user interface
point the interface at the login batch file
4. put logoff at the end of the login script.

You can put in different sections for different pcs like:

if %computername:~0,7% == SCI-IT- (
so account logs on does stuff with no shell then logs itself off.