Friday, January 2, 2015

Default GPO permissions

full access of group policy

  • domain admin
  • enterprise admin
  • creator owner - same level as domain admin but within delegated scope
  • local system

read/apply : authenticated users

grant additional permissions

  • create : add to GP creator/owner or GPMC permissions
  • editL r./w via GPMC
  • link mgmt: delegation in GPMC or DOCW (right-click OU for delegation wizard)
  • modeling/results: delegation in GPMC or DOCW

Group policy Creator Owner - allows access to all GP in domain or narrow it down to OU level

Granting GPO permissions via GPMC 

delegation tab limited in only link GPO and modeling/analysis.

but Advanced option allows for granular permissions for GPOs.

1 comment:

  1. I am very happy to locate your website. I just wanted to thank you for the time you spent on this great article. I definitely enjoyed reading it and I have you bookmarked to check out new stuff you post.