Im trying to grant "Resultant Set of Policy (Logging) to an Active Directory group using dsacls;
dsacls.exe "ou=Disabled Computers,dc=domain,dc=local" /I:T /G "DOMAIN\RBAC-Workstations-Admin":CA;"Generate Resultant Set of Policy (Logging)"
but the menu option in ADUC stays grey out for group members. Using the exact same command for a user eg.
dsacls.exe "ou=Disabled Computers,dc=domain,dc=local" /I:T /G "DOMAIN\unprivileged.user":CA;"Generate Resultant Set of Policy (Logging)"
works fine. There has been no issue using the RBAC group name with other permissions applied by DSACLs just this one. If the group is delegated the right via the GUI wizard it works fine.
Checking the Advanced permissions shows that the same right is assinged using dsacls and the GUI wizard.
What is happening ?????