We have a number of incidents where people cannot amend group policies that they did not create (in a Windows Server 2012 domain).
On these objects, edit is greyed out, even when signed in as a domain administrator.
We are also aiming to give group policy permissions by Active Directory group as opposed to individual users.
I am wondering if there is a specific permission that I can give to the AD group in question that will allow them to edit all group policy objects without having to go through and manually change the permissions on individual objects.
Failing that, is there a quick way to change the permissions across the board and also to set it so those permissions are given as standard when new objects are created?
I appreciate any insight into this problem.