The following table lists the various security requirements for using the GP Analysis Console.
Task |
Security Requirement |
---|---|
Launch console |
Active Directory permissions: User account must have Read permission to the GPOs on the domain under analysis. |
Perform RSoP |
SQL permissions Active Directory permissions: User account must have Read permission to all GPOs and SDOU hierarchies. |
Perform Search |
SQL permissions Active Directory permissions: User account must have Read permission to all GPOs and LSDOU hierarchies. |
Perform Compare or Differentiate |
SQL permissions: SQL connect permissions to GP Repository. Active Directory permissions: User account must have Read permission to all GPOs and SDOU hierarchies. |
Perform remote diagnostics |
OS permissions: User account that runs remote diagnostics must have local Administrator rights on that remote computer. |
Perform client‑side auditing |
OS permissions: User account must have Read permission to the registry on the remote computer. |