Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Give permission to someone to create GPO?

Posted on 2010-08-18
5
Medium Priority
?
1,493 Views
Last Modified: 2012-05-10
Hi Experts,

I have an AD on server 2003. I created a 'Tech Admins' security group and added a person named 'Moon' to this group. I'd like give this group permission to create GPO only for 'Tech' OU. How do I do that?

Here is my domain structure from 'group policy management' console:
Group Policy Management
Forest: mycompany.org
  Domains
    mycompany.org
      IT
        Field
          Tech

Thanks.
0
Comment
Question by:SJCA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Assisted Solution

by:hydrokid
hydrokid earned 600 total points
ID: 33466555
Download the group policy management console from microsoft. (GPMC)
Open GPMC -> Click the OU you want to delegate -> On the result pane on the right, select the Delegation tab -> Click add to add the user or group you want to delegate permission to
0
 
LVL 1

Author Comment

by:SJCA
ID: 33466638
I clicked the 'Delegation' tab and then click 'Add' to add 'Tech Admins' group . It went fine but when the user 'Moon' log in and right click on 'Tech' OU, he still see the 'Create and Link a GPO Here...' greyed out, but everything else is fine. Any ideas?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33466650
is the user a member of the Group Policy Creator Owners group ? if not, add then in addition to the delegation and that should work.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 1400 total points
ID: 33466672
the same applies, to if its a GROUP you want to add obviously.
0
 
LVL 1

Author Closing Comment

by:SJCA
ID: 33755309
Thanks!
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question