Default permissions
The default permissions on Group Policy objects are as follows:
| Security group | Default settings |
Authenticated users | Read, Apply Group Policy (AGP) |
Local system | Full Control (includes AGP) |
Domain administrators | Read, Write, Create Child, Delete Child, AGP |
Administrators | Read, Write, Create Child, AGP |
By default, the Group Policy object Default Domain Policy cannot be deleted by any administrator. The purpose of this restriction is to prevent the accidental deletion of this Group Policy object, which contains important and required settings for the domain. If Default Domain Policy must be deleted for some reason, the Delete permission must be given explicitly to the intended group. This is an advanced access control entry (ACE) on the Group Policy object.
For details about Folder Redirection permissions, see Folder Redirection For more information, see To set permissions for Software Installation and Resources
