Cannot Create new Group Policy Object (GPO)

Question

I was tasked to create a script where I can automated the configurations of group policy objects (GPO) using PowerShell. I'm creating a new GPO using this command:

New-GPO -Name "foo"

But, whenever I try to create a new GPO, I always encounter this error:

New-GPO : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At line:1 char:1
+ New-GPO -Name "foo"
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [New-GPO], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.GroupPolicy.Commands.NewGpoCommand

I searched for the error code behind this, and it has something to do with the authorization of access behind this. I tried many things like downloading RSAT and other applications, but still, I can't allow my user to create a new GPO. Any help would be greatly appreciated. Thanks in advance.

score 0 · Answer 1 · answered Jun 20 '14 at 09:36

0

If you read the documentation it says: "Only domain administrators, enterprise administrators, and members of the Group Policy creator owners group can create GPOs. These users must run Windows PowerShell in an elevated state."

answered Jun 20 '14 at 09:36

David Brabant

41,623
16
83
111

Hi, David. How can I make my user a member of the Group Policy creator owners? – Miguel Roque Jun 22 '14 at 23:32

score 0 · Answer 2 · answered Jun 28 '16 at 14:51

Miquel Roque.

In your Domain, your user-account needs to have any of the previously mentioned groups: domain administrators enterprise administrators Group Policy creator

All groups and access is added inside "Active Directory Users and Computers" from a manangement server or mmc console.

You also need to run Powershell elevated (Run as Administrator).

Cannot Create new Group Policy Object (GPO)

2 Answers2