Hello @StephanG ,
Thank you for posting here.
For delegation permissions for Group Policy, we can refer to the link below, it includes the following two delegation permissions and other delegation permissions.
To delegate permissions for a group or user on a Group Policy Object
To delegate permissions to link Group Policy Objects
Reference
Delegate Permissions for Group Policy
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789195(v=ws.11)
Q:But if i delegate the "Servers - Tier 1" to 2 "Admin Accounts" and one of them get hacked. All my "Tier 1 servers" are kind of lost?
It is not clear whether such a result will occur, but we need to prevent such a situation in advance, for example: increasing the complexity of the administrator’s password or strengthening network security
Q:So is there any other possibility to restrict (without 3rd party) or secure the GPO delegation?
Based on my experience, there is no other way to restrict (without 3rd party) or secure the GPO delegation
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou