You are here
Home > Windows Server > Who can Create/Modify Group Policies?

Who can Create/Modify Group Policies?

we need to have Administrative privileges to create/modify group policies. The following table shows that can create/modify group policies:

 

Policy Type

 Allowable Groups / Users

Site Level Group Policies

Enterprise Administrators and/or Domain Administrators in the root domain. The root domain is the first domain created in a tree or forest. The Enterprise Administrators group is found only in the root domain.

Domain Level Group Policies

Enterprise Administrators, Domain Administrators or members of the built-in group – Group Policy Creator Owners. By default only the Administrator user account is a member of this group

OU Level Group Policies

Enterprise Administrators, Domain Administrators or members of the Group Policy Creator Owners. By default only the Administrator user account is a member of this group.

Additionally, at the OU level, users can be delegated control for the OU Group Policies by starting the Delegate Control Wizard (right click the OU and choose Delegate Control). However, the wizard only allows the delegated user to Link already created group policies to the OU. If you want to give the OU administrators control over creating/modifying group policies, add them to the Group Policy Creator Owners group for the domain.

Local Group Policies

The local Administrator user account or members of the local Administrators group.

 

Leave a Reply

9 + eight =

Top