[gptalk] Re: Running Group Policy Results with Non-Administrator permissions

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sun, 21 Oct 2007 10:39:23 -0700


I suspect the issue is around WMI permissions. RSOP is stored in WMI and
requires remote WMI (DCOM) access in order to run GP Results across the
network. Running RSOP locally is fine for a normal user, so its not so much
an RSOP delegation issue as a WMI delegation issue. Sadly, there is no easy
way to modify WMI permissions remotely that I know of.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Omar Droubi
Sent: Sunday, October 21, 2007 12:09 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Running Group Policy Results with Non-Administrator




I am trying to determine if there is a way to delegate the right to a user
to run the GPMC Group Policy Results function on a remote machine that they
are not an Administrator of.


I have delegated the permissions on the container in AD and I can see that
the right has trickled down to the computer object- but I don't think that
gets transferred down to the server.


Also-I cannot find any reference to configuring this right on the local
machine through a local security policy, domain group policy or anything


When the GP results is run remotely- what is actually taking place when
reading the system GP results logs? Is there maybe a file or folder
permission I can tweak or is it coming in through the IPC$ share that is
limited to admins?


Any help would be much appreciated.





Other related posts: