Re: Delegate permission to add software package in GPO
- From: JSL <JSL@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 23:35:02 -0700
The discussion was taken place at another forum, and Darren Mar-Elia came to
the correct conclusion that the permissions I've granted on the GPO was not
inherited the its sub-containers, and thus the user was unable to add
packages even though he had FC on GPO container. The solution was to specify
that the permission (delegation) on GPO should be inerited by child object.
"Darren Mar-Elia" wrote:
> Simon-
> How are you delegating permissions to that GPO? Are you using GPMC to do it?
> The reason I ask is that using GPMC to grant edit permissions on a GPO will
> give a user the ability to add new packages to the GPO by default.
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
> FAQs, Whitepapers and Utilities for all things Group Policy-related
> Just Released! The new Windows Group Policy Guide from Microsoft Press!!!
> Check it out at http://www.microsoft.com/mspress/books/8763.asp
>
>
> "Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:3F2B22F1-5D5C-4CFB-9594-0432E2B80B99@xxxxxxxxxxxxxxxx
> > Windows Server 2003, Windows XP.
> >
> > I've been asked to delegate administrative control over one GPO, to give a
> > developer permission to roll out new versions of the software he is
> > continously working on.
> >
> > I'm working on this in a test environment, and without any problems I've
> > delegetad the right to test account to modify test GPO. I also managed to
> > delegate the control over package in GPO, for example, test user can
> > delete
> > package in software distributing test GPO, and also modify it as he
> > pleases.
> >
> > The problem is, that I can't figure out how I delegate the permission do
> > *add package* in GPO, of which test user has full control.
> >
> > (Please note that the test user can modify the GPO in any way -- delete
> > it,
> > change any settings in it, delete package in it, modify package in it, and
> > so
> > forth, so delegation as such is no problem.)
> >
> > When test user is trying to add package to GPO (from gpedit of course),
> > there's an error message stating:
> >
> > "An error occurred accessing the software installation data in the active
> > directory. See the event log for additional details."
> >
> > Event Log:
> >
> > Event Type: Error
> > Event Source: Software Installation
> > Event Category: None
> > Event ID: 101
> > Date: 2005-08-12
> > Time: 11:16:23
> > User: N/A
> > Computer: [MyComputer]
> >
> > Description:
> > Software Installation encountered the following error: Access is denied.
> >
> > Data:
> > 0000: 05 00 07 80 ...?
> >
> >
> > /Simon
>
>
>
.
- References:
- Delegate permission to add software package in GPO
- From: Simon
- Re: Delegate permission to add software package in GPO
- From: Darren Mar-Elia
- Delegate permission to add software package in GPO
- Prev by Date: Re: Group policy problem: can not assign or publish applications to us
- Next by Date: Re: Applying XP group policy setting in Windows 2000 Active Direct
- Previous by thread: Re: Delegate permission to add software package in GPO
- Next by thread: Restricted password useage
- Index(es):
Relevant Pages
|
