To delegate permissions for a group or user on a Group Policy object |
-
In the Group Policy Management Console (GPMC) console tree, expand the Group Policy Objects node in the forest and domain containing the Group Policy object (GPO) for which you want to add or remove permissions.
-
Click the GPO.
-
In the results pane, click the Delegation tab.
-
Click Add.
-
In the Select User, Computer, or Group dialog box, click Object Types, select the types of objects for which you want to add GPO permissions, and then click OK.
-
Click Locations, select either Entire Directory or the domain or organizational unit containing the object for which you want to add GPO permissions, and then click OK.
-
In the Enter the object name to select box, type the name of the object for which you want to add GPO permissions by performing one of the following actions:
- If you know the name, type it and then click
OK.
- To search for the name, click
Advanced, type the search criteria, click Find Now,
select the name in the list box, click OK, and then click
OK again.
- In the Permissions box of the Add
Group or User dialog box, select the appropriate permissions
from the drop-down list, and then click OK.
- If you know the name, type it and then click
OK.
Additional considerations
- To perform this procedure, you must have
Edit settings, delete, and modify security permissions on
the GPO.
- Groups and users that have Custom in
the Allowed Permissions column in the Groups and
users list box on the Delegation tab have permissions
that do not match one of the three standard levels of permissions.
To view the permissions for groups with custom permissions or to
set custom permissions, click Advanced.
- You can also click the Delegation tab
to change or remove permissions for a group or user on a GPO.