By default, if you are a member of the Authenticated Users group, you have access to Group Policy objects. The Authenticated Users group has Read and Apply Group Policy permissions on Group Policy objects. If the Authenticated Users group is removed from the ACL on the Group Policy object, then you do not have Read and Apply permissions for that Group Policy object.
As an administrator, you can give users access to the Group Policy object by using either of the following methods:
- Add the user to the ACL on the Group Policy object explicitly, and then give this user Read and Apply Group Policy permissions.
- Give the Authenticated Users group Read and Apply Group Policy permissions.
- Create a security group, add the necessary users to this group, and then give this group Read and Apply Group Policy permissions on the ACL of the Group Policy object.
NOTE: You must also ensure that the user, or the group that the user belongs to, is not explicitly denied access to the Group Policy object. An explicit Deny permission always overrides an Allow permission.
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Artikelnummer: 273857 – Letzte Überarbeitung: 01.03.2007 – Revision: 1