The following table lists the various security requirements for using the GP Analysis Console.
|
Task |
Security Requirement |
|---|---|
|
Launch console |
Active Directory permissions: User account must have Read permission to the GPOs on the domain under analysis. |
|
Perform RSoP |
SQL permissions Active Directory permissions: User account must have Read permission to all GPOs and SDOU hierarchies. |
|
Perform Search |
SQL permissions Active Directory permissions: User account must have Read permission to all GPOs and LSDOU hierarchies. |
|
Perform Compare or Differentiate |
SQL permissions: SQL connect permissions to GP Repository. Active Directory permissions: User account must have Read permission to all GPOs and SDOU hierarchies. |
|
Perform remote diagnostics |
OS permissions: User account that runs remote diagnostics must have local Administrator rights on that remote computer. |
|
Perform client‑side auditing |
OS permissions: User account must have Read permission to the registry on the remote computer. |