RSoP Delegation
Typically, system administrators specify policy and generate RSoP data for specified targets in a domain (target computers and target users). However, you can delegate the ability to generate RSoP data to other users. You can specify planning-mode delegation or logging-mode delegation.
-
Planning-mode delegation.
-
By default, only domain Administrators and enterprise Administrators in the target domain can generate planning-mode data for a target user or computer. To delegate the generation of planning-mode data to another user, grant the user the Extended Right to Generate Resultant Set of Policy (Planning) on the target Scope of Management (SOM) in the target domain.
-
Logging-mode delegation.
-
By default, only domain and enterprise Administrators in the target domain, and members of the local administrators group on the target computer, can generate logging-mode data for a target user or computer. To delegate the generation of logging-mode data to another user, grant the user the Extended Right to Generate Resultant Set of Policy (Logging) on the target SOM in the target domain. A non-administrative user, who is logged on to a computer, can also generate logging mode-data for himself or herself on that computer.
In both delegation types, if you do not specify a SOM, the SOM defaults to the immediate SOM of the target.