Solved

Controlling GPO access

Posted on 2009-05-15
3
226 Views
Last Modified: 2012-05-07
Here is the problem; I work for a Medium sized city with a decentralized IT operation. The main IT group wants to reign in control of GPOs. For the most part I do not have a problem with this, but I would like to retain control of Log on and Log off scripts. Is there a way for our main IT office to just give us control of that portion of a GPO or is it an all or nothing kind of thing? If it is possible how do you do it?
0
Comment
Question by:lsctech
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24398226
Yeah it is an all or nothing thing.
You can't for instance in a GPO have a delegation to only let someone create the IE lockdowns and nothing else.
I'm guessing the main IT group also has domain admin rights?   They can do what ever they want if that is the case.
There are ways to put change control into group policy.  Microsoft has Advanced Group Policy Management that can help with that
http://technet.microsoft.com/en-us/library/cc749396(WS.10).aspx
Third party tools can also help with that: (one example below)
http://netiq-news.com/products/gpa/default.asp
Thanks
Mike
0
 

Author Closing Comment

by:lsctech
ID: 31582013
Thanks, Mike

I was affraid that was the answer I was going to get. I guess now it is time to plead my case. I think we are getting punished for the sins of other departments.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24398766
I've been through something like that in the past.  Hopefully the main IT group will still give rights and access to the good people not in their group.  Sounds like you have a good grasp of things so hopefully you don't get punished to much.
Crappy thing about these situations is many times they are just as much (or more) political than technical.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question