Group Policy Permissions Issue

[Guest]

After a crash do to a group policy being edited, I want to make my group
policies read only.

I made it so everyone only had read rights to the security of two group
policies, in my domain.

I assumed that as the owner - the Domain or Enterprise Admin would be able
to edit the permissions, like it is with the file system.

Opps

Seems like I can not alter the permissions, or delete the Group Policies
from my list of Group Policies. Even as the owner of the Policy.

Any way to reset the permissions of a Group Policy so the Domain/Enterprise
admin could edit the file again?

 

[Steven L Umbach]

You always can use the dsacls command but it may be easier to first try
using AD Users and Computers. First make sure advanced features are selected
in view. The go to system - policies to find all your Group Policies. Then
right click them and select properties where you can use the security tab to
hopefully change permissions back to what you need. You will only see the
GUID for each Group Policy. You can use the support tool gpotool /v to find
the friendly names of each policy if you need such.. --- Steve

 

[Guest]

Using Active Directory Users and Computers/System/Policies was the trick.

Thanks

 

[Steven L Umbach]

Glad to here that and I want to add that unless users/computers have "apply"
permission for the Group Policy that the policy will not apply to them.
System State backups of a domain controller will backup all the Group
Policies along with other AD info and then you could always do an
authoritative restore if you have problems in the future due to a corrupted
or otherwise mangled policy. --- Steve