Hi All,
Im strugling abit here.
Servers: 2003 and 2008
Forest Funtional level: Windows 2003
Domain Functional level: Windows 2003
Scenario: I want to give a user the abilty to use Group Policy Management Snap in, to create and link GPO's. They should not be part of the Administrators group and not be able to log onto any domain controllers.
I tried finding a detailed document to outline permissions needed to do this.
I tried delagating control and then adding the user to the Group Policy Creator Owners group, but when testing get an "This security ID may not be assigned as the owner of this object." when i add the user into the built in administrators group it works fine.
Any ideas how i can work around adding the user to the administrative group im trying to set it up with the least amount of permissions.
The idea is to have one group and just assign a user to this group and remove when no loger needed.