Various 3rd party offerings are available in this space. NetIQ, Quest, ScriptLogic and NetPro, for example, offer tools in this area.
They can be used to grant users permissions to make 'offline' GPO changes, which are then approved by an admin and deployed into prod by a service account. Naturally, they are not free, as is GPMC, but they offer an offline model, with granular delegation and workflow too. neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: 26 June 2006 19:27 To: [email protected] Subject: [ActiveDir] Group Policy question Colleagues, Our Microcomputer Support group wants the ability to create Group Policy objects and apply them to various workstations. I've taken a few classes in AD, but I'm a tad shaky on how to give these folks just barely enough privs to create GPO's and only link them to the OU's I choose. It would seem that I should add the whole Micro group to the "Group Policy Creator Owners" group in the "Users" OU, but the description "Members in this group can modify group policy for the domain" scares me a bit. Unless, of course, it is *also* necessary to use the Delegate Control wizard on whatever OU's they need, thus limiting their power to link GPO's to only those OU's. All suggestions from you knowledgeable AD Admins gratefully accepted! -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
