ENTERPRISE

Active Directory Domain Services 2008 : Delegate Permissions on a Group Policy Object

10/1/2012 2:16:13 AM

Delegate Permissions on a Group Policy Object

Scenario/Problem: You created a GPO and linked it to an OU. You need to provide members of a group the capability to edit the settings in the GPO.

Solution: Delegate the permissions on the GPO.

To delegate permissions on a GPO, perform the following steps:

1.
Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.

2.
Click Start, click Administrative Tools, and then click Group Policy Management.

3.
In the console tree, expand the Group Policy Objects node and select the GPO on which you want delegate permissions.

4.
Click the Delegation tab, shown in Figure 1.
Figure 1. The Delegation tab.

5.
Click Add.

6.
In the Select User, Computer, or Group window, type the name of the group to which you want to delegate permissions; then click OK.

7.
On the Add Group or User window, shown in Figure 2, select the permission you want to delegate and click OK.
Figure 2. The Add Group or User window.


Modify Delegated Permissions on a Group Policy Object

Scenario/Problem: A group was previously delegated the permission to edit a GPO. You need to also allow the group to modify security on a GPO.


Solution: Modify delegated permissions on a GPO.

To modify delegated permissions on a GPO, perform the following steps:

1.
Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.

2.
Click Start, click Administrative Tools, and then click Group Policy Management.

3.
In the console tree, expand the Group Policy Objects node and select the GPO on which you want to modify delegated permissions.

4.
Click the Delegation tab.

5.
In the details pane, right-click the group for which you want to modify delegated permissions; then select the permission you want to delegate, as shown in Figure 3.
Figure 3. Selecting the permission to delegate on a GPO.

6.
Click OK on the confirmation to change permissions.

Remove Delegated Permissions on a Group Policy Object

Scenario/Problem: A group was previously delegated the permission to edit a GPO. This group no longer requires the permissions to edit the GPO.


Solution: Remove delegated permissions on a GPO.

To remove delegated permissions on a GPO, perform the following steps:

1.
Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.

2.
Click Start, click Administrative Tools, and then click Group Policy Management.

3.
In the console tree, expand the Group Policy Objects node and select the GPO on which you want remove delegate permissions.

4.
Click the Delegation tab.

5.
In the details pane, right-click the group for which you want to remove delegated permissions and click Remove.

6.
Click OK on the confirmation to remove the delegated permissions, shown in Figure 4.
Figure 4. Removing delegated permissions on a GPO.
Other  
  •  Microsoft Dynamic CRM 2011 : Working with Contracts and Queues - Working with Service Queues
    •
  •  Microsoft Dynamic CRM 2011 : Working with Contracts and Queues - Activating and Renewing a Contract
    •
  •  Simulating SOA : The Ideal SOA Simulator
    •
  •  Simulating SOA : Simulation, and Why it Suits SOA
    •
  •  Programming .NET Components : Building a Distributed Application (part 7) - Providing a Host as a System Service
    •
  •  Programming .NET Components : Building a Distributed Application (part 6) - Remote Callbacks
    •
  •  Programming .NET Components : Building a Distributed Application (part 5) - Creating Remote Objects
    •
  •  Programming .NET Components : Building a Distributed Application (part 4) - Administrative Type Registration, Administrative Configuration Example
    •
  •  Programming .NET Components : Building a Distributed Application (part 3) - Programmatic Configuration Example, Administrative Configuration
    •
  •  Programming .NET Components : Building a Distributed Application (part 2) - Programmatic Type Registration
    •
     
    Most View
    Zalman CNPS9900DF Cooling Device Review (Part 1)
    HTC 8S Review - A Cheap Windows 8 Device That Doesn’t Compromise On Style (Part 2)
    Samsung 7.1 Channel Blu-Ray 3D Home Theatre System
    QNAP Turbo NAS TS-221 - Simple Yet Powerful Storage
    Zotac GeForce GTX TITAN AMP! Edition 6 GB And TITAN Graphics Cards (Part 2)
    Phanteks PH-TC90LS - Small And Quiet
    Fujifilm FinePix F900 EXR Camera Review (Part 1)
    Thermaltake Tt eSPORTS Shock Spin
    Switching to Microsoft Windows 7 : Migrating Applications and Data to a New Windows 7 Computer (part 1)
    Software for your iPhone, iPod Touch, and iPad – July 2013
    Top 10
    Sharepoint 2013 : Introducing jQuery for SharePoint developers (part 2) - Understanding jQuery methods,Understanding jQuery event handling
    Sharepoint 2013 : Introducing jQuery for SharePoint developers (part 1) - Referencing jQuery, Understanding the global function, Understanding selector syntax
    Sharepoint 2013 : Introducing JavaScript for SharePoint developers (part 3) - Creating custom libraries
    Sharepoint 2013 : Introducing JavaScript for SharePoint developers (part 2) - Understanding JavaScript functions, Understanding JavaScript closures, Understanding JavaScript prototypes
    Sharepoint 2013 : Introducing JavaScript for SharePoint developers (part 1) - Understanding JavaScript namespaces, Understanding JavaScript variables
    Windows 7 : Programming Multiple I/O Queues and Programming I/O - WatchDog Timer: Self-Managed I/O
    Windows 7 : Programming Multiple I/O Queues and Programming I/O - Reading and Writing the Registry
    Windows 7 : Programming Multiple I/O Queues and Programming I/O - Retrieving Requests from a Manual Queue
    Windows 7 : Programming Multiple I/O Queues and Programming I/O - Handling Requests from a Parallel Queue
    Windows 7 : Programming Multiple I/O Queues and Programming I/O - Creating and Configuring the Queues (part 2)