ubject: RE: [ActiveDir] Granting rights to 'Manage GPOs'
I'd prefer to grant the service the rights it *needs* rather than carte
blanche Domain Admins rights. However, as new GPOs are created, only the
default (Schema defined?) ACLs are applied, which includes DAs but will
*not* include m
.
Back to the drawing board...
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: 04 December 2006 04:38
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Granting rights to 'Manage GPOs'
You might want to set the account to ha
Back to the drawing board...
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: 04 December 2006 04:38
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Granting rights to 'Manage GPOs'
You might want to set the account to have non-int
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: 04 December 2006 04:38
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Granting rights to 'Manage GPOs'
You might want to set the account to have non-interactive rights, since
I'm a
ailto:
[EMAIL PROTECTED] *On Behalf Of *
[EMAIL PROTECTED]
*Sent:* Friday, November 24, 2006 6:57 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Granting rights to 'Manage GPOs'
I am attempting to assign rights to a service account [sys-zzz], used by a
Group Policy Management tool
cy Management solutions at <http://www.sdmsoftware.com/> SDM
Software
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, November 24, 2006 6:57 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Granting rights to 'Manage GPOs&
Neil, this would seem to indicate that something else is going on: "Just to
add to the strangeness of this issue, if I execute the same scripts above
but against a different domain (same service account) the 3rd party app
functions fine in that other domain :/"
What is the domain it works again
I am attempting to assign rights to a service account [sys-zzz], used by
a Group Policy Management tool (3rd party) so that the service account
has the necessary rights to 'manage' all GPOs in the domain.
Aside from app specific rights, I have assigned the following rights
using GPMC scripts [scri