Delegate Permissions for Generating Group Policy Results
|
Scenario/Problem: A team requires the capability to generate group policy results data for computers and users located in a particular OU.
|
Solution: Delegate the permissions to generate group policy results data.
To delegate permissions to generate group policy results data, perform the following steps:
1. | Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.
|
2. | Click Start, click Administrative Tools, and then click Group Policy Management.
|
3. | If
you want to delegate the permission to generate group policy results
data on the domain level, select the domain node in the console tree.
|
4. | If you want to delegate the permission to generate group policy results data on an OU, select the OU in the console tree.
|
5. | Click the Delegation tab. Ensure that the Permission field contains Read Group Policy Results data, as shown in Figure 1. Click Add.
|
6. | On
the Select User, Computer, or Group window, enter the name of the group
to which you want to delegate the capability to generate group policy
results and click OK.
|
7. | On the Add Group or User window, select the inheritance settings and click OK. |
Modify Delegated Permissions for Generating Group Policy Results
|
Scenario/Problem:
A team was previously granted the capability to generate group policy
results data at the domain level. They now need this permission at every
OU in the domain.
|
Solution: Modify delegated permissions for generating group policy results data.
To modify delegated permissions for generating group policy results, perform the following steps:
1. | Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.
|
2. | Click Start, click Administrative Tools, and then click Group Policy Management.
|
3. | If
you want to modify delegated permissions to generate group policy
results data on the domain level, select the domain node in the console
tree.
|
4. | If you want to modify delegated permissions to generate group policy results data on an OU, select the OU in the console tree.
|
5. | Click the Delegation tab. Ensure that the Permission field contains Read Group Policy Results Data.
|
6. | In
the details pane, right-click the group for which you want to modify
delegated permissions; then select This container only or This container
and children.
|
7. | Click OK on the confirmation screen to change inheritance.
|
Remove Delegated Permissions for Generating Group Policy Results
|
Scenario/Problem: A
team was previously granted the capability to generate group policy
results data at the domain level. They no longer require this
permission.
|
Solution: Remove delegated permissions for generating group policy results data.
To remove delegated permissions for generating group policy results, perform the following steps:
1. | Log on to a domain controller or a member computer that has Windows Server 2008 RSAT installed.
|
2. | Click Start, click Administrative Tools, and then click Group Policy Management.
|
3. | If
you want to remove delegated permissions to generate group policy
results data on the domain level, select the domain node in the console
tree.
|
4. | If you want to remove delegated permissions to generate group policy results data on an OU, select the OU in the console tree.
|
5. | Click the Delegation tab. Ensure that the Permission field contains Read Group Policy Results Data.
|
6. | In the details pane, right-click the group for which you want to remove delegated permissions and select Remove.
|
7. | Click OK on the confirmation screen to remove the delegated permissions.
|
