Solved

Give permission to someone to create GPO?

Posted on 2010-08-18
5
1,304 Views
Last Modified: 2012-05-10
Hi Experts,

I have an AD on server 2003. I created a 'Tech Admins' security group and added a person named 'Moon' to this group. I'd like give this group permission to create GPO only for 'Tech' OU. How do I do that?

Here is my domain structure from 'group policy management' console:
Group Policy Management
Forest: mycompany.org
  Domains
    mycompany.org
      IT
        Field
          Tech

Thanks.
0
Comment
Question by:SJCA
  • 2
  • 2
5 Comments
 
LVL 2

Assisted Solution

by:hydrokid
hydrokid earned 150 total points
ID: 33466555
Download the group policy management console from microsoft. (GPMC)
Open GPMC -> Click the OU you want to delegate -> On the result pane on the right, select the Delegation tab -> Click add to add the user or group you want to delegate permission to
0
 
LVL 1

Author Comment

by:SJCA
ID: 33466638
I clicked the 'Delegation' tab and then click 'Add' to add 'Tech Admins' group . It went fine but when the user 'Moon' log in and right click on 'Tech' OU, he still see the 'Create and Link a GPO Here...' greyed out, but everything else is fine. Any ideas?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33466650
is the user a member of the Group Policy Creator Owners group ? if not, add then in addition to the delegation and that should work.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 350 total points
ID: 33466672
the same applies, to if its a GROUP you want to add obviously.
0
 
LVL 1

Author Closing Comment

by:SJCA
ID: 33755309
Thanks!
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now