JSI Tip 5473. How do I delegate control of Group Policy to members of a trusted domain?

Jerold Schulman

June 24, 2002

1 Min Read
ITPro Today logo in a gray background | ITPro Today

In tip 2882, we saw that to the delegee must be a member of the Group Policy Creator Owners security group to receive the permission to modify / add / delete Group Policy.

Users in another domain can NOT be added to the Group Policy Creator Owners security group.

Here is a workaround:

  1. Use Active Directory Users and Computers to create a domain local group in the domain that you want these permissions.

  2. Add a user or users from the trusted domain to this new group.

  3. In Active Directory Users and Computers, expand Systems. Right-click Policies and press Properties. Select the Security tab.

  4. Add the new domain local group, and grant it Create All Child Object permissions.

  5. Use Windows Explorer to navigate to the %systemroot%SysvolDomainPolicies folder and press Properties. Select the Security tab.

  6. Add the new domain local group and grant it Modify, Read & Execute, List Folder Contents, Read, and Write permissions.

  7. Right-click the organizational unit and press Delegate Control.

  8. Add the new domain local group and check the delegate the following common tasks radial button. Check the Manage Group Policy Links box.

  9. Close Active Directory Users and Computers.

  10. Open a CMD prompt and type: secedit /refreshpolicy machine_policy /enforce



About the Author

Jerold Schulman

Jerold Schulman

See more from Jerold Schulman
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a gavel at the center of a maze
Regulatory Compliance
Guide To Navigating the Legal Perils After a Cyber IncidentGuide To Navigating the Legal Perils After a Cyber Incident
byIan Horowitz
Sep 20, 2024
7 Min Read
4 different colored figures standing on different sized piles of coins
IT Management
6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists
byJoe Milan
Sep 19, 2024
9 Min Read
skills dial
IT Operations
ERP Skills Outpace AI in 2024 as Demand for IT Strategy SoarsERP Skills Outpace AI in 2024 as Demand for IT Strategy Soars
byNathan Eddy
Sep 23, 2024
7 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

Linux written on top of code
Linux OS
How to Set Up a Separate /home Partition on LinuxHow to Set Up a Separate /home Partition on Linux
screenshots of PowerShell code fly off of a laptop screen
PowerShell
PowerShell Screen Captures: How To Automate Screenshots in Your ScriptsPowerShell Screen Captures: How To Automate Screenshots in Your Scripts
tablet with "cloud computing" on the screen on top of financial documents and calculator
Cloud Computing
Guide to Cloud Computing ETFsGuide to Cloud Computing ETFs
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

list of domains within the umbrella category of IT security
IT Security
What Is IT Security? Essentials of IT Security ExplainedWhat Is IT Security? Essentials of IT Security Explained
ITPro Today's tech careers quick reference guide cover
Career Management
Tech Careers: Quick Reference Guide to IT Job TitlesTech Careers: Quick Reference Guide to IT Job Titles