AD CS : Delegate GPO Creation/Management
To delegate creation of new Group Policy Objects and link Group Policy Objects to existing OU’s you mustperform the following tasks:
- Add the user to the Group policy Creator Owner built-in group
- Delegate the ‘Manage Group Policy links‘ permission on the Organisational Units you wish the user to be able to link policies to.
Optional for generating RSOP information:
- Delegate the ‘Read Group Policy Results data‘ permission on the Organisational Units you wish the user to be able to link policies to.
You can also utilise GPMC for delegation of GPO permissions.