Removing GPO permissions

I mentioned using None as a PermissionLevel to remove someone's rights from GPO Delegation, but let's spin out a sample command to make sure you can do it on your own. When deleting a GPO or a GPO Link, you are utilizing entirely different PowerShell cmdlets (one starting with the word Remove) from what you use for building those objects, but for GPO permission removal you do not use a Remove-type command. Instead, you continue to use Set-GPPermissions, but flag them for configuring a PermissionLevel called None. Here is a command that reverses the rights that we just handed to our user called Grace. We have now decided she does not require permission to modify MyNewGPO, and so we are going to take those rights away from her:

Set-GPPermissions -Name MyNewGPO -PermissionLevel None -TargetType User -TargetName "Grace"

Maybe even more useful is a sample command to remove Authenticated Users from a GPO, as we did when setting Security Filtering earlier. This is a common thing to do whenever you want to filter a GPO down to particular users or groups. The following command will remove Authenticated Users from Delegation on MyNewGPO:

Set-GPPermissions -Name "MyNewGPO" -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None
You probably noticed by now that in these commands I am sometimes changing around the order of the different switches. Sometimes -PermissionLevel comes first followed by -TargetType, then -TargetName. Sometimes, it's completely the opposite! The order of these switches does not matter, as long as they are all specified within the command when you press Enter.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.149.252.196