All,
I have a bit of a weird scenario that I'd love some help with. The bulk of my orgainzation's network and Active Directory footprint is managed by another company. As a result, we do not have direct access to edit GPO. Instead, we must submit change requests to the third party organization.
We have SEE 11.0 installed and configured to use AD to manage endpoints. The problem with this is we can't use native SEE policies, but we also can't use SEE's group policy functionality because we do not have access to manage group policy.
Our partner organization has offered to set up a service account for SEE to use to manage group policy, but I'm not clear exactly what permissions this account will need. My guess is the account will need access to view and edit group policy for each OU in our domain. Is this understanding correct? My fear is that our partner organization will be very hesitant to give us a service account with that level of access.
Any and all suggestions / help are welcome. If my understanding of how SEE manages policy is incorrect please let me know!
Thanks!