Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
Is it possible to permission only the GPOADmin service account to edit GPO's
설명
Need to lock down the environment so that only the GPOADmin service account can modify and create GPO's.
해결 방안
This is not possible as the design of the product is to create the working copy as the service account and then the user running GPOADmin makes the changes to working copy (in SYSVOL). The working copy then gets written to the live copy by the service account. For this reason it would not be possible to lock down all changes to GPOs, however this would be possible to lock down the live GPO's rather than the working copies.