Re: GPO for trusted root CA certs

Brian,

thanks for your quick answer.

Brian Delaney [MSFT] wrote:

So, I guess you could say that it secured in two ways. First of all you
have to have permissions to write to the SYSVOL\Policies folder to
create/modify a GPO and secondly you have to have permissions to the gplink
and gpoptions attribute at the level you wish to link the policy.

And how about protection of the network transport of GPO?

Ciao, Michael.
.

Relevant Pages

  • Re: Loopback Processing
    ... As long as loopback is set in one GPO, ... >to be set in any other GPO that falls with the hierarchy? ... >why does it still apply the User Configuration settings. ... >>computer provided it has permissions to the GPO's. ...
    (microsoft.public.windows.group_policy)
  • Re: dns administration delegation
    ... permissions that grant unnecessary rights. ... I wasn't aware of the GPO ... these admins full access to their local dns servers (which are also domain ...
    (microsoft.public.windows.server.dns)
  • Re: dns administration delegation
    ... I'm more concerned about these admins to have the ... early in the deployment of DNS servers and then seldom if every ... permissions that grant unnecessary rights. ... I wasn't aware of the GPO ...
    (microsoft.public.windows.server.dns)
  • Re: Computer componet of GP not being applied
    ... would expect that anything in the Computer Configuration portion of the GPO ... By "non-standard permissions", I mean what are the permissions on the GPO? ... If you look at the properties of the OU in which the Terminal Server resides ... > It all seems to be linked to the local user groups on the terminal server. ...
    (microsoft.public.windows.group_policy)
  • Re: dns administration delegation
    ... I'm more concerned about these admins to have the ... permissions that grant unnecessary rights. ... I wasn't aware of the GPO ... but not access any other dns servers within the ...
    (microsoft.public.windows.server.dns)