How to Give Users Access to Group Policy Objects

Summary

This article describes how to give users permission to access the Group Policy object if the Access Control List (ACL) has been modified so that Read and Apply permissions are restricted.

More Information

You may not be able to apply a Group Policy object if the Access Control List (ACL) has been configured to restrict Read and Apply permissions for the Group Policy object.

By default, if you are a member of the Authenticated Users group, you have access to Group Policy objects. The Authenticated Users group has Read and Apply Group Policy permissions on Group Policy objects. If the Authenticated Users group is removed from the ACL on the Group Policy object, then you do not have Read and Apply permissions for that Group Policy object.

As an administrator, you can give users access to the Group Policy object by using either of the following methods:
  • Add the user to the ACL on the Group Policy object explicitly, and then give this user Read and Apply Group Policy permissions.
  • Give the Authenticated Users group Read and Apply Group Policy permissions.
  • Create a security group, add the necessary users to this group, and then give this group Read and Apply Group Policy permissions on the ACL of the Group Policy object.

NOTE: You must also ensure that the user, or the group that the user belongs to, is not explicitly denied access to the Group Policy object. An explicit Deny permission always overrides an Allow permission.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

250842 Troubleshooting Group Policy Application Problems
201227 Managing Security on Group Policy Data in SYSVOL

Eigenschaften

Artikelnummer: 273857 – Letzte Überarbeitung: 01.03.2007 – Revision: 1

Feedback