How do I delegate permissions for someone to edit a GPO?

A. It’s easy to delegate the ability to link GPOs to an OU or domain via the Delegation tab of the OU/domain/site within the GPMC. But doing so gives users the ability only to link GPOs, not to edit them. To grant a user/group the ability to edit a GPO, you can perform the following steps. However, I’ll warn you that if a GPO is used in multiple locations, any edit made by a user/group you’ve given this ability to will modify the GPO in every place it’s used.

1. Under Group Policy Objects, select the GPO on which you want to delegate Edit permissions and select the Delegation tab in the Microsoft Management Console (MMC) details pane. Notice, on the same tab, that you can see all the permissions that apply to a GPO.

2. Add the group/user to which you want to delegate Edit permissions by clicking Add.

3. You’ll be prompted to select permissions. The default is Read; however, you can also select Edit or Edit, Delete, and Modify security permissions. Click OK.
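The same delegation can be scripted with the GroupPolicy PowerShell module. The following is an added example, not part of the original answer: it first lists every location the GPO is linked to (the scope that the new editors will be able to affect), then grants Edit and shows the resulting permissions. The GPO name and group name are placeholders chosen for illustration.

```powershell
# Added example. $GpoName and $Trustee are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName = 'Example Workstation Policy'   # placeholder GPO display name
$Trustee = 'EXAMPLE\GPO-Editors'          # placeholder security group

# 1. Find every OU/domain/site the GPO is linked to. Anyone who can edit
#    the GPO changes policy in all of these locations at once.
[xml]$report = Get-GPOReport -Name $GpoName -ReportType Xml
$links = @($report.GPO.LinksTo | Where-Object { $_ })

if ($links.Count -gt 1) {
    Write-Warning "'$GpoName' is linked in $($links.Count) locations; edits apply to all of them."
}
$links | ForEach-Object {
    [pscustomobject]@{
        Location = $_.SOMPath
        Enabled  = $_.Enabled
        Enforced = $_.NoOverride
    }
} | Format-Table -AutoSize

# 2. Record who already holds permissions on the GPO (what the
#    Delegation tab shows) before changing anything.
$before = Get-GPPermission -Name $GpoName -All

# 3. Grant Edit. GpoEdit matches the "Edit" choice in the dialog;
#    GpoEditDeleteModifySecurity is the broader third choice and also
#    lets the trustee re-delegate the GPO, so prefer GpoEdit.
Set-GPPermission -Name $GpoName -TargetName $Trustee `
    -TargetType Group -PermissionLevel GpoEdit | Out-Null

# 4. Show the resulting delegation and flag trustees that were added.
$after = Get-GPPermission -Name $GpoName -All
$after | Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } },
                       @{ n = 'Type';    e = { $_.Trustee.SidType } },
                       Permission |
    Format-Table -AutoSize

$added = $after | Where-Object { $_.Trustee.Sid.Value -notin $before.Trustee.Sid.Value }
$added | ForEach-Object { "New trustee: $($_.Trustee.Name) ($($_.Permission))" }
```

Run it from a machine with GPMC (or the RSAT Group Policy tools) installed, using an account that can modify security on the GPO.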
