Hi, this is Jeremy Moskowitz from GPanswers.com and today I am going to show you about delegation with Group Policy. Turns out this can be a little confusing because there is actually the old and the new way to handle delegation. I am going to walk through both.
The first thing, I am going to go over the old way first. That is here in Active Users and Computers. You could dive down under say to a particular OU, in Active Directory Users and Computers and go to say East Sales, just some random OU I have. Click on Delegate Control which is very common option, we do this a lot in regular Active Directory. If we click on Next, we will actually see, let me add a quick user, I’ll add a guy like EastSalesUser1, maybe he is in charge.
So I have added this guy in and turns out under Group Policy land you can actually manage three or four things. Manage Group Policy Links which will enable this person to link GPO’s over to this OU. Generate Result and Set of Policy (Planning) is actually is a term we do not use any more. We do not use planning, it has been replaced. We will talk about that in just a minute. And also Generate Result and Set of Policy (Logging). Also that terminology has been replaced. But it is still here in the old world. Now if you go ahead and click through just say Manage Group Policy Links, just for fun, and we say Finish. The down side is that it is not super obvious who is delegated to what thing here. So this is not the preferred place to go for delegation anymore.
The new way of doing delegation using GPMC is to click on the OU itself in the GPMC, alright. Then you click onto the Delegation tab and this is where all the action occurs. Then what you do is you will pick the right you want to give somebody. Notice, that user is in fact listed right here. Which is nice because there is really no way to do that in the old interface without turning on super advanced view and kind of go and dig around in there. So it is kind of nice we can see it right in the GPMC.
If we want to remove this guy, just for fun, we will select the right and here are those three rights we just saw in the old interface. And they are now over here, there is Link GPO’s , Perform Group Policy Modeling Analyses, which is future looking way of figuring out what happens if somebody moves or changes job roles, or Read Group Policy Results data, the thing we use when we use GP results. So, long story short, we will go ahead and click on the Delegation tab, click on Link GPO, go ahead and click Add. Your user name, EastSalesUser1, and we can select if we want to do it here and downward or not. I do not have any sub OU’s so it is not really relevant. And we will click OK and, that is it.
Turns out it is nicer doing it inside the GPMC because all of our delegation is all in one spot and we can see, edit, remove, anything we want all in one place. That’s it, thanks so much, I’ll see you soon on-line or person real soon. Thank you.