Getting Started on GPanswers.com
AGPM Service Account - minimal privileges
According to the documentation for AGPM 4.0,
the minimum privileges required for the AGPM Service Account include:
Membership in the Group Policy Creator Owners group in each domain the AGPM Server manages.
Membership in the Backup Operators group in each domain the AGPM Server manages.
Assuming you have a Forest with multiple child domains, whatever or wherever your AGPM service account is, it cannot be added to the child domain Group Policy creator Owners groups in the other child domains. This group is a global group!
What is the best way to use AGPM, a AGPM service account with multiple domains?
Getting Started on GPanswers.com
AGPM Service Account - minimal privileges
Using an account with the Editor role, request the creation of a GPO, which you then approve using an account with the Approver role. With the Editor account, check the GPO out of the archive, edit the GPO, check the GPO into the archive, and request deployment.
__________________________________________________ ___
Want to get-on Google's first page and loads of traffic to our website? Hire a SEO Specialist from Ocean Groups seo specialist
LinkBack URL
About LinkBacks
Reply With Quote
