Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Controlling GPO access

Posted on 2009-05-15
3
Medium Priority
?
236 Views
Last Modified: 2012-05-07
Here is the problem; I work for a Medium sized city with a decentralized IT operation. The main IT group wants to reign in control of GPOs. For the most part I do not have a problem with this, but I would like to retain control of Log on and Log off scripts. Is there a way for our main IT office to just give us control of that portion of a GPO or is it an all or nothing kind of thing? If it is possible how do you do it?
0
Comment
Question by:lsctech
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 24398226
Yeah it is an all or nothing thing.
You can't for instance in a GPO have a delegation to only let someone create the IE lockdowns and nothing else.
I'm guessing the main IT group also has domain admin rights?   They can do what ever they want if that is the case.
There are ways to put change control into group policy.  Microsoft has Advanced Group Policy Management that can help with that
http://technet.microsoft.com/en-us/library/cc749396(WS.10).aspx
Third party tools can also help with that: (one example below)
http://netiq-news.com/products/gpa/default.asp
Thanks
Mike
0
 

Author Closing Comment

by:lsctech
ID: 31582013
Thanks, Mike

I was affraid that was the answer I was going to get. I guess now it is time to plead my case. I think we are getting punished for the sins of other departments.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24398766
I've been through something like that in the past.  Hopefully the main IT group will still give rights and access to the good people not in their group.  Sounds like you have a good grasp of things so hopefully you don't get punished to much.
Crappy thing about these situations is many times they are just as much (or more) political than technical.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question