Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 108
  • Last Modified:

How to restrict Group policy administration to a specific domain user/group

We have Windows 2003 Domain controller and we have couple of Domain/Enterprise admins. How to restrict Group policy administration to a specific domain user/group?
0
psanjoy
Asked:
psanjoy
  • 2
1 Solution
 
RizzleCommented:
Check out this article from Microsoft on group policy management! But by default domain admins can create, amend and delete policies, maybe worth look into whether they definitely need domain admin rights?

http://technet.microsoft.com/en-us/library/cc754948(v=ws.10).aspx
0
 
psanjoyAuthor Commented:
domain admins  and enterprise admins should not have access to GP management except the Local Admin/ a specific user. pls help me
0
 
RizzleCommented:
ok I got you now,

try the solution listed in this Microsoft article which restricts access to specific admins to Group Policy.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/59ebdb08-57f0-4e22-928f-a2f5fd3d5bdf/restrict-group-policy-editing-to-a-group-of-domain-admins?forum=winserverGP
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now