Domain Security Group Policy

[Jurbop]

I am logged on as administrator on a Domain Controller. I
am a member of the Domain and Enterprise Admin groups. The
Domain Admin group is the owner of the Domain Security
Group Policy (DSGP). When I right click the Domain name in
the AD Users and Computers module, click on Properties,
then the Group Policy tab, then highlight the DSGP, the
EDIT button is grayed out. When I open DSGP Properties,
then the Security tab, a message says I have READ ONLY
ability and all of the member options are grayed out, and
when I click on the ADVANCED tab, I'm notified I can only
read the contents. I need to make changes in the DSGP as
there are settings there preventing me from doing things
on the network. I am a student and this is a small 4 node
home network for study purposes. The Domain Group Policies
are: Default Domain Policy (DDP, no override), DSGP, and
MMC Restrictions in that order. There is relatively
nothing defined in the DDP to restrict my access. I also
checked the Domain Security Policy and the Domain
Controller Security Policy in the Administrative Tools,
and didn't see anything to restrict my access there
either. Please help!!! Thanks.

 

[Guest]

After you press the Advanced button, go to the Owner page, you need to take
the ownership of the policy.

BR,
Denis

 

[Guest]

The owner of the Domain Security Group Policy is the
Domain Admin group. My administrator account is a member
of the Domain Admin group. Also, when I press the Advanced
button a message tells me I can only look at the page, I
am not able to make any changes, therefore I couldn't
change the ownership if it was necessary. I am not able to
do anything with this policy, and I am a member of all of
the Admin groups.