The following table lists the various security requirements for using the GP Explorer Console.
Task |
Security Requirement |
---|---|
Launch console View GPO |
|
Create GPO |
User account must be a member of one of the following groups:
|
Delete GPO |
User account must have Delete all child objects setting on the GPO. |
Search GPO |
Result of the search displays only those GPOs that have the Read permission set for the current user account. |
Backup GPO |
User account must have Read permissions on the GPOs and the LSDOU associated with the GPOs. |
Restore GPO |
User account must be a member of one of the following groups:
|
Link GPO to OU Modify security filters |
Domain Administrator and Enterprise Administrator accounts have permission to modify OU links and security filters. Other user accounts must have Delegated permission. To assign Delegated permission, use the Delegation of Control wizard in the Active Directory Users and Computers console. |
Copy, paste, import GPO |
User account must be a member of one of the following groups:
|
GPO report |
User account must have Read permission to the GPOs. |
Set indexing properties GP Repository permissions |
User account must have Full Domain Control (6) in the domain. User account must have Full Domain Control in the domain. |