GPO Delegation

GPO Delegation

Just like other AD objects, security principals can be assigned permissions to access a GPO. The following are the list of permissions that can be assigned:

  • Read
  • Edit Settings
  • Edit Settings, Delete, Modify security

The following steps illustrate how to set permissions for a GPO:

  • In the left pane of the GPMC snap-in, select the GPO
  • In the right pane, select the Delegation Tab. The list of users with their permission will be displayed under the Group and Users section
  • Click Add to add a specific user, group or computer. Select the permission from the drop down list and click OK

    • Related Articles

    • Active Directory Computer Delegation

      The general tab When a computer is trusted for delegation it means that any services running on the local system can request services from other servers on behalf of the user. Do not trust this computer for delegation – specifies that no delegation ...

    • Active Directory Computer Delegation tab

      The general tab When a computer is trusted for delegation it means that any services running on the local system can request services from other servers on behalf of the user. Do not trust this computer for delegation – specifies that no delegation ...

    • How to Control USB Access on select Devices using GPO

      Enabling and Disabling USB access using Active Directory Group Policy Removable storage devices such as USB drives have gained widespread use and become an indispensable way for the storage of data. However, they also pose a threat to the security of ...

    • GPO Inheritance

      A user or a computer in an OU can have multiple GPOs applied to it. For example, Local Group Policy, GPOs linked to the site, GPOs linked to the domain and GPOs linked to the OU. Also, multiple GPOs can be linked to any of these containers. The ...

    • How to configure GPO in Active Directory at Site, Domain and OU levels

      Introduction Active Directory network multiplies over time and it may become incommodious to manage. There is a myriad of things that need to be controlled such as security permissions, software installation, desktop settings for users and computers, ...