Dear all, I am looking to some information with respect to Group policy object delegation.
the requirement is to allow additional users to create new GPO's without 'Domain Admins' membership. Seems the way to go is to add the user accounts to the 'Group policy creator owners' group. this allows them to create GPO's and have the necessary permissions to edit (and presumably delete) GPO's that they own by way of there creating them. how can this be implemented to support a team environment whereby say USER2 in a group would want to be able to edit a GPO created by USER1 can we add a group to the 'Group policy creator owners' group that allows the members of that group to 'share' the permissions on GPO's that members of that group create ? if not it seems the only supported mechanism is for USER1 who creates the GPO to assign permissions on the GPO that they create - hardly ideal ? Thanks GT List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
