Modifying computer roles

If you use computer role assignments to control access to a computer, the following permissions are required to modify computer roles:

Select this target object To apply these permissions


This object is listed under a globally unique identifier (GUID) for the Authorization object. For example:


Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read description
  • Read msDS-AzScopeName
  • Read msDS-AzApplicationData
  • Write description
  • Write msDS-AzScopeName
  • Write msDS-AzApplicationData