Chat now with support
Chat mit Support

GPOADmin 5.20 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Using Protected Settings policies

Once Protected Settings policies have been enabled through the Version Control properties and created they need to be applied to a container in GPOADmin.

This is done through new option on all containers that becomes available when the Enable Protected Settings for Group Policy Object is enabled.

2
Select the Protected Settings tab.
3
Select the Add button.
If you selected Value from the drop-down list, you can now choose the items to check. Select from the following:
None: Items that exist in the policy that do not exist in the Protected Settings Policy are ignored.
User Rights Assignment: Items that exist under the User Rights Assignment in the policy that do not exist in the Protected Settings Policy are included in the validation process and are flagged as Invalid.
All: Items that exist in the policy that do not exist in the Protected Settings Policy are included in the validation process and are flagged as Invalid
a
Settings defined in the Protected Settings policy are not allowed: If a setting with the same name as a setting in the protected policy is detected in an active GPO, notification is generated. The value does not have to be the same for the setting, just the setting name.
b
Values other than those defined in the Protected Settings policy are not allowed: If there is a setting used in the active GPO that has a value different than the protected value, then a notification is generated.
6
To block the Protected Settings from the parent container, select the Block Protected Settings Inheritance setting. You may want to do this as this container needs a unique protected setting and the setting from the parent would conflict with the new settings being applied.
8
If necessary, select Include Group Policy Objects in all child containers to allow the checking of all child containers against the assigned protected settings policy.

Checking a GPO against a Protected Settings policies and blocked extensions

A GPO that resides in a container with Protected Settings enabled will be checked against the protected settings policy when the GPO is checked in using Check-In.

During a check-in, the GPO is checked against the Protected Settings policy and any blocked extensions. Users that have the Modify Protected Settings right on the GPO in question, will have the option to continue with the check in and override the blocked setting or review a report and address the issue.

The report displays with the associated Protected Settings policies and blocked extensions, how many matches were found, and the Validation mode (either setting name or value).

Validating a GPO against a Protected Settings policies and blocked extensions before a check-in

A GPO can be checked against the Protected Setting policy and blocked extensions before checking it in.

1
Right-click the GPO you want to check and select Protected Settings | Verify Protected Settings.
2
Select View Report to generate a report that displays the differences between the GPO and the Protected Settings policy. You can select to print or save the report. Once you have finished viewing the report click Close.
3
Click OK in the Protected Settings Modifications Detected dialog box to close it.

Working with Protected Settings Policy Baselines

If you have GPOADmin configured with SQL as the configuration store, you can select to assign Protected Setting policies to individual GPOs as policy baselines.

When this option is enabled, the Watcher service will validate the settings against the policy baseline when a registered GPO is modified outside of GPOADmin. If a deviation is detected, a notification will be sent to all subscribers of the policy Deviation notification. The notification will include a difference report that is focused on only the settings that are in the baseline.

3
Select Options | General and select Enable Protected Settings for Group Policy Objects and select Enable Policy Baselines.
1
Expand the Version Control Root node, and the required container.
3
Select Notifications, and subscribe to the Policy Deviation notification.
1
Edit or create a new role and assign the Modify Protected Settings Baseline Assignment right. See Configuring role-based delegation for details.
1
As a user with the Modify Protected Settings Baseline Assignments right and the Read right on one or more Protected Settings Containers, right-click a policy and select Properties.
2
Click the Policy Baseline tab.
3
Click to enable to Monitor this policy for deviations from the following Policy Baselines option.
4
Click Add to open the Policy Browser dialog, select the baselines to add, and click OK.
5
Click OK again to save and apply your changes.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen