Microsoft Advanced Group Policy

Advanced Group Policy Management (AGPM)

Microsoft Advanced Group Policy Management (AGPM), a core component of the Microsoft Desktop Optimization Pack for Software Assurance, makes it easier for IT organizations to keep enterprise-wide desktop configurations up to date, enabling greater control, less downtime, and reduced total cost of ownership (TCO).
Group Policy objects (GPOs) play a powerful role in how your network is managed and secured. They enable IT staff to manage user and desktop settings on many computers at once. This means that every change to Group Policy usually affects multiple users and computers on the network. There is a risk associated with this degree of flexibility. Without a change control system, when IT teams alter GPOs, those changes can start affecting computers before they have been tested. If there’s a problem with the updates, it can be difficult to quickly reverse them.
Additionally, although Group Policy provides a delegation model, the editor role has full permissions to deploy changes to the live environment. With the possibility of multiple editors per GPO, there is no way to detect who has made which changes, or to accept or reject changes before they are put into effect. With AGPM you can:

Increase control of your Group Policies:

Microsoft Advanced Group Policy Management provides a more secure archive for controlling changes to GPOs by letting IT develop, review, and modify GPOs without affecting employee desktops. By acting as an extension to the Active Directory management console and providing granular administration, AGPM enables your staff to have much greater control over how edits are made and applied, resulting in a much richer level of PC manageability.

Reduce downtime keeping users productive:

Microsoft Advanced Group Policy Management helps you avoid the downtime that can result from improperly configured or conflicting GPOs. Its offline editing and workflow delegation capabilities allow IT to configure, test, and approve changes before they go live, and quickly roll back changes if needed. It also helps IT recover deleted GPOs and repair live GPOs, reducing the risk of widespread failures.

Improve total cost of ownership with reduced support costs:

Robust difference reporting and audit logging help your IT staff quickly diagnose and prevent problems with Group Policies. This enhanced diagnostics capability translates to fewer helpdesk calls and labor costs. It also increases both end-user and IT productivity, improving overall desktop TCO.

What’s New in AGPM 4.0 ?!

Microsoft Advanced Group Policy Management (AGPM) 4.0 includes new features that let you search for Group Policy Objects (GPOs), filter the list of GPOs displayed, export and import a GPO to a different forest, and install AGPM on computers running Windows® 7 and Windows Server® 2008 R2.

Search and filter GPOs

In AGPM 4.0, you can search the list of GPOs for specific attributes to filter the list of GPOs displayed. For example, you can search for GPOs with a particular name, state, or comment. You can also search for GPOs that were last changed by a particular Group Policy administrator or on a particular date.

You can create a complex search string by using the format GPO attribute 1: search text 1 GPO attribute 2: search text 2…, where a GPO attribute is any column heading in the list of GPOs in AGPM. For example, to search for all GPOs with names including the text “MyGPO” that are checked in and were last changed by the user Editor03, you would type the following in the Search box: name: MyGPO state: checked in changed by: Editor03. The search returns partial matches so that you can enter part of a GPO name or user name and view a list of all GPOs that include that text in their name.

Additionally, you can use the same special terms available when you search in Windows to search for GPOs changed on a specific date or range of dates. For example, change date: lastmonth or change date: thisweek.

Export and import GPOs to different forests

Using AGPM 4.0, you can copy a controlled GPO from a domain in one forest to a domain in a second forest. For example, you can export a GPO from a domain in one forest to a CAB file by using AGPM, copy that CAB file to a USB drive, plug the USB drive into a computer in a domain in a second forest, and import the GPO into AGPM in a domain in the second forest. You can either import the GPO as a new controlled GPO, or import it to replace the settings of an existing GPO that is checked out.

Support for Windows Server 2008 R2 and Windows 7

AGPM 4.0 supports Windows Server 2008 R2 and Windows 7, yet still supports Windows Server 2008 and Windows Vista® with Service Pack 1 (SP1). However, there are limitations in a mixed environment that includes both the newer and older operating systems, as indicated in the following table.

What AGPM installs, creates, and affects, Where should I install it ?!!

On an AGPM Server, the AGPM Setup program installs the AGPM Service. AGPM does not alter the Active Directory® directory service or the schema. By default, the AGPM Server program files are installed in %ProgramFiles%\Microsoft\AGPM\Server. You can install the AGPM Service on a domain controller if you have to; however, we recommend that you install the AGPM Service on a member server !!!

Change Control after Installing the AGPM



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s