Neil, this would seem to indicate that something else is going on: "Just to
add to the strangeness of this issue, if I execute the same scripts above
but against a different domain (same service account) the 3rd party app
functions fine in that other domain :/"
What is the domain it works against? A test domain? Something more "out of
the box" than the domain you're running against?
On 11/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I am attempting to assign rights to a service account [sys-zzz], used by
a Group Policy Management tool (3rd party) so that the service account has
the necessary rights to 'manage' all GPOs in the domain.
Aside from app specific rights, I have assigned the following rights using
GPMC scripts [scripts shown below]:
1. Create/edit GPO links at the root of the domain and all child
containers
cscript "%programfiles%\gpmc\scripts\SetSOMPermissions.wsf" xxx.yyyxxx\sys-zzz
/Permission:linkgpos /Inherit /Domain:
xxx.yyy
2. Create new GPOs in the domain
cscript "%programfiles%\gpmc\scripts\SetGPOCreationPermissions.wsf"
xxx\sys-zzz /Domain:xxx.yyy
3. Edit, delete and mod security rights to all existing GPOs in the domain
cscript "%programfiles%\gpmc\scripts\GrantPermissionOnAllGPOs.wsf"
xxx\sys-zzz /Permission:fulledit /Domain:xxx.yyy
To cut a long story short, step 2 does not appear to grant the required
'create' right [GP mgmt tool complains of an "access denied" issue].
However, if I manually (using GPMC) add the service account to the list of
objects permitted to create GPOs in the domain [instead of using the script
in step 2], then the GP Management app functions fine.
Has anyone encountered a similar issues? Are there newer version of the
GPMC scripts? [I have GPMC with SP1]
Just to add to the strangeness of this issue, if I execute the same
scripts above but against a different domain (same service account) the 3rd
party app functions fine in that other domain :/
Any comments?
Thanks,
neil
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication
and
Nomura International plc ('NIplc') will not, to the extent permitted by
law,
accept responsibility or liability for (a) the accuracy or completeness
of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those
of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation, solicitation
or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
