How do I Lock-out GPO to Clients

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi

I need to lock-out a client with Admin rights from modifing the GPO or audit
his modification to GPO. I been seeing modifications to the GPO that is
strange. Is there a way toy to find out who is modidifing the GPO.
 
if you want to prevent an admin from managing GPOs, then don't make them an
admin.
It does not matter if you set specific deny ACLs on GPOs. The admin can
take ownership of the object and grant herself access.
You can audit policy change. But the admin can stop auditing or can cover
her tracks by deleting the audit events in the security log.
It is pointless to go down this path. untrusted users should not be
administrators.
 
Back
Top