Re: IMPACT of (Delegation Control of Group Policy) on Active Direc
- From: Tariq Ziad <TariqZiad@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Mar 2007 19:00:36 -0700
not clear!!
"Paul Bergson [MVP-DS]" wrote:
Inline.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Tariq Ziad" <TariqZiad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:038969A1-C152-4E3F-94C7-6C59F0C35548@xxxxxxxxxxxxxxxx
Dear All,
I'd like to ask about the bad effects, impact on the health of active
directory that could result from delegating control of group policy
creation,
editing, linking on OU of Computers and Users OR on Site level to an
engineer
who is only responsible for desktops and laptops (SUPPORT Engineer). I
mean
he is responsible to every thing related to installing OS, Software, and
all
kind of OS and Software settings for users( i.e. on there computers). He
is
not responsible of dealing with any activity related to servers or Active
Directory.
Active Directory is totally managed by a system engineer responsible for
AD,
Exchange, and other print, share and application servers.
Would it harm to delegate control of group policy on OU of computers and
users or on sites to SUPPORT Engineer since his area of responsibility is
desktops and laptops?? Would that have any effect on Servers and AD?
I hope you lead me to Microsoft articles and documents related to this
IMPACT subject
No
..
A small example:
1) if there is an OU that have 10 computer accounts and this SUPPORT
Engineer has delegation of control to create group policies and link them
to
this OU, then how would this harm Active Directory and Domain Controllers.
Also, I mean would creating a GPO and having it appearing in the active
directory even without linking it to any container level (SITE, DOMAIN,
OU),
would that have any harm on the domain container containing it??
He could not impact any other object other than the objects within the ou in
which
he has delegated authority of. He can only maintain those object types for
which
he has been delegated authority over.
2) if there is a site that have computers and servers and this SUPPORT
Engineer has delegation of control to create group policies and link them
to
this Site, then how would this harm Active Directory, Domain Controllers,
and
Servers. How could servers be excluded from any group policy applied on
the
site level, i.e could block inheritance help if these servers are included
in
an OU?
Same thing he can only manipulate those objects within this ou. He can only
maintain those object types for which he has been delgated authority over.
Regards,
Tariq Ziad
- References:
- Re: IMPACT of (Delegation Control of Group Policy) on Active Directory
- From: Paul Bergson [MVP-DS]
- Re: IMPACT of (Delegation Control of Group Policy) on Active Directory
- Prev by Date: RE: Pushing out a new Printer to All users
- Next by Date: RE: AutoLogin Admin Template (GPO)
- Previous by thread: Re: IMPACT of (Delegation Control of Group Policy) on Active Directory
- Next by thread: Re: IMPACT of (Delegation Control of Group Policy) on Active Directory
- Index(es):
Relevant Pages
|
