First, you need to create a security group called Local Admin
Next, you need to create a group policy called “Local Admin GPO”
Here you will add the Local Admin group to the Local Admin GPO policy and put them in the groups you wish them to use.
In the Add Group dialog box, select browse and type Local Admin and then click“Check Names“
Log on to a PC which is joined to the domain and then run gpupdate /force and check the local administrator's group. You should see Local Admin in that group now. Make sure all PCs you want to access should be move to an OU and properly link above GPO. Tom and Bob domain users can now access all PCs remotely as a local administrator.