Group Policy - RSOP Logging - Registry permissions
Posted on 2009-02-15
I have a Windows Server 2003 domain. I created a group policy "Test" and applied it at the domain level. I made a change under Computer Configuration\Windows Settings\Security Settings\Registry. I added the key "MACHINE\Software\Microsoft\Windows NT\Current Version\Svchost".

I changed the security permissions on this key to be:

Administrators -- Read
Users -- Read

I selected the setting "Configure this key, then replace existing permissions on all subkeys with inheritable permissions".

The group policy seems to have been pushed out to all of the computers in the domain.

I ran the Resultant Set of Policy (Logging) on a few of the computers in the domain and they look to be receiving the policy. I checked under the Precedence tab and it shows the correct group policy. However, when I check the permissions for that registry key by going to Properties, Security Policy Setting, View Security, it shows "Everyone" Full Control. It should be Read only.
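
One way to check what a client actually has on the key is to read its live DACL and compare it with the two Read entries listed in the post. This is an added example, not part of the original post; it assumes PowerShell is available on the client, uses the key path as it appears on a standard Windows install, and the variable names and status labels are illustrative.

```powershell
# Added example: compare the live DACL on the Svchost key with the
# entries the GPO in the post is meant to apply (Administrators/Users = Read).
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

# Expected principals, keyed by well-known SID so localized names do not matter.
$Expected = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-545' = 'Users'
}
$ReadKey = [System.Security.AccessControl.RegistryRights]::ReadKey
$SidType = [System.Security.Principal.SecurityIdentifier]

$acl  = Get-Acl -Path $KeyPath
$seen = @{}

$report = foreach ($ace in $acl.Access) {
    $sid = $ace.IdentityReference.Translate($SidType).Value
    if ($ace.AccessControlType -ne 'Allow') {
        $status = 'UNEXPECTED: deny entry'
    } elseif (-not $Expected.ContainsKey($sid)) {
        # An "Everyone" (S-1-1-0) Full Control entry would land here.
        $status = 'UNEXPECTED: principal not in policy'
    } elseif ($ace.RegistryRights -ne $ReadKey) {
        # Inherit-only entries can show generic rights as raw numbers;
        # review those by hand rather than treating them as a failure.
        $status = 'REVIEW: rights differ from ReadKey'
    } else {
        $status = 'OK'
        $seen[$sid] = $true
    }
    $ace | Select-Object IdentityReference,
        @{ Name = 'Sid';    Expression = { $sid } },
        RegistryRights, IsInherited,
        @{ Name = 'Status'; Expression = { $status } }
}

$report | Format-Table -AutoSize

# Report expected principals that have no matching Read entry on the key.
foreach ($sid in $Expected.Keys) {
    if (-not $seen.ContainsKey($sid)) {
        Write-Warning "No Read entry found for $($Expected[$sid]) ($sid)"
    }
}
```

Running it before and after `gpupdate /force` on the same client shows whether the security settings refresh changed the key's ACL.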