Solved

Controlling GPO access

Posted on 2009-05-15
3
223 Views
Last Modified: 2012-05-07
Here is the problem; I work for a Medium sized city with a decentralized IT operation. The main IT group wants to reign in control of GPOs. For the most part I do not have a problem with this, but I would like to retain control of Log on and Log off scripts. Is there a way for our main IT office to just give us control of that portion of a GPO or is it an all or nothing kind of thing? If it is possible how do you do it?
0
Comment
Question by:lsctech
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24398226
Yeah it is an all or nothing thing.
You can't for instance in a GPO have a delegation to only let someone create the IE lockdowns and nothing else.
I'm guessing the main IT group also has domain admin rights?   They can do what ever they want if that is the case.
There are ways to put change control into group policy.  Microsoft has Advanced Group Policy Management that can help with that
http://technet.microsoft.com/en-us/library/cc749396(WS.10).aspx
Third party tools can also help with that: (one example below)
http://netiq-news.com/products/gpa/default.asp
Thanks
Mike
0
 

Author Closing Comment

by:lsctech
ID: 31582013
Thanks, Mike

I was affraid that was the answer I was going to get. I guess now it is time to plead my case. I think we are getting punished for the sins of other departments.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24398766
I've been through something like that in the past.  Hopefully the main IT group will still give rights and access to the good people not in their group.  Sounds like you have a good grasp of things so hopefully you don't get punished to much.
Crappy thing about these situations is many times they are just as much (or more) political than technical.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now