Chatee ahora con Soporte
Chat con el soporte

GPOADmin 5.17 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting when users can modify objects Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Selecting events on which to be notified

Using the notification option you can set up to receive an email each time a specified action is performed within the Version Control system.

* 
NOTE: Only users with the Set Notification right can manage GPOADmin notifications.
To set up notification
1
Navigate to the version-controlled object for which you want to be notified.
2
Right-click the object and select Options.
3
Select Notifications.
4
Select the events that you want to be notified about, and click OK.
A notification email will now be sent when the specified events take place on (and beneath, in the case of a container) the selected object.
* 
NOTE: To set up the email address for the notification messages, see Configuring user preferences or Adding notifications for users .

Restricting inheritance on notifications

If required, you can select to restrict the inheritance on notification settings from the Version Control root to child containers and objects.

* 
NOTE: Only users with the Block Notification Inheritance right can restrict notifications.
To block the notification settings on child containers and objects:
1
Right-click the Version Control Root node, required container or object, and select Properties.
2
Select the Notifications tab.
3
Click to enable the Block inheritance option.
4
Select the actions for the selected container or object that you want to be notified on.
5
Click OK.
The notification settings will now follow the selected configuration rather than be inherited from the parent container,

Creating email templates

You can create a custom email template for notifications or email requests (if this option is enabled, see Configuring the Version Control server) and associate it with specific roles. This allows you to standardize the information that is presented to users based on their role within your organization.

You can choose to include attachments and custom subject lines for specified version control actions. For example, you can easily include forms used to track change requests in an external system, risk assessment checklist, or logs in the email.

* 
NOTE:  
Administration accounts must be explicitly added to the GPOADmin Administrators group in order for the email template assigned to the System Administrator Role to be used when sending notification to an administrator. You can set this option through the Access tab in the Version Control Options.
If notifications are not delivered, check the attachment filters on your mail server.
* 
NOTE: If required, you can modify the information generated by the Watcher Service by creating a new role specifically for it and then customizing an existing template or creating a new template to associate with it.

For example, to ensure that the Watcher Service or server name does not display in the notification message, remove the following section from the template html file:

<tr>

<td class="style3">
Detected on:
</td>
<td>
[MACHINENAME]
</td>

</tr>

The keyword MACHINENAME specifies the computer where Watcher Service is running.

GPOADmin includes a sample template (DefaultNotificationTemplate.html) in the server installation directory. This file should not be moved or modified; however, you can use it as a basis for the creation of new templates.

To select an email template for an existing role
1
Right-click the forest node, and select Options.
2
Select Delegation | Roles, select the require role, and click View Role.
3
Select the Email Template tab.
4
Click Browse to select the template to use for the selected role.
By default, the DefaultNotificationTemplate.html in the server install directory is used by the notification system if the specified custom template cannot be found.
If there are no templates displayed, click Add and browse to where the templates are located. The default template is located at C:\Program Files\Quest\GPOADmin.
5
Select the template and click OK.
6
Select the cost for this template.
If a user is a member of two or more roles which have subscribed to the same notification, the email template associated with the role with the lowest cost is the one used for that user.
For example, User A has subscribed to all event on Version Control Root. They are a member of the Moderators role set on the Version Control Root container and a member of the Administrators Role set on a child container When a version-controlled object is Checked-Out in the child container a notification is sent to them. GPOADmin determines that user A is a member of two roles. The cost that you have applied to the role tells the system which template to use when sending the notification. If the Moderators role has a lowest cost then the cost associated with the Administrators role, then the template associated with the Moderators role is used.
7
To select an attachment to include in the email, select the Attachments tab, click Add, select the action that triggers the attachment inclusion from the list, select the attachment to include by entering its location or browsing to it, and apply the changes.
* 
NOTE: You can optionally use any GPOADmin predefined tag in this field.
To further control the inclusion of attachments, you can use keywords. The attachment is only included if the specified keywords are present in the list of keywords on the version-controlled object.
Enter, enable, disable keywords as required. (Check an existing keyword to have it associated with this attachment and click to clear the keyword to exclude it.)
* 
NOTE: Any attachment with an empty keyword list would always be included for the associated action.
8
To include a subject in the email, select the Subject Lines tab, click Add, select the required action, enter the text that you want included in the Subject Line field, and apply the changes.
To further customize the subject line, you can use tags and keywords.
Tags allow you to include a very specific subject line. For example, if you select Type, Name, and Trustee Name from the drop down list (The “[TYPE] '[NAME]' has been checked in by [TRUSTEENAME]”), the resulting email for a GPO named Sales would be "The GPO 'Sales" has been checked in by domain\user".
Keywords allow you to include a set subject line when the specified keywords are present in the list of keywords on the version-controlled object.
9
Click OK.
10
Click Apply to associate the template.

Working with Protected Settings policies

Protected Settings policies contain settings that you want to control. They are protected in the sense that they contain and identify the settings that may not be altered by users. This provides an added level of security for the policies within your organization. If a user attempts to create, edit, or remove the flagged settings they are stopped.

Protected Settings are identified by examining the difference report between the Protected Settings policies and the Group Policy Object being checked in. The difference is produced by using the Difference Engine in GPOADmin. Once this is completed, the protected setting function searches the difference report for matches based on the specified validation mode.

Protected Settings policies have a modified workflow and follow the typical check-out, edit, and check-in process. As with any other object, when you are ready to make the newly created Protected Settings policy active or edit an existing policy, a request approval action must be initiated.

Once the approval is granted, the Protected Settings policy is available for use.

* 
NOTE: These policies differ from other GPOs in that they are not deployed to the environment.

If a protection issue is detected during check in, users with the Modify Protected Settings right on the GPO in question, have the option to continue with the check in and override the blocked setting or review a report and address the issue.

Protected settings must be:
Enabled within the domain
Created with the selected settings
Applied to the required container within GPOADmin
To enable Protected Settings for Group Policy Objects
1
Right-click the domain and select Options.
2
Select Options | General and select Enable Protected Settings for Group Policy Objects.
3
Click OK.
A new Protected Settings Root container is created to store and manage the Protected Settings policies deployed within your environment.

See also:
Rights and role for Protected Settings for GPOs
Create a Protected Settings policy
Generating Protected Settings policies reports
Using Protected Settings policies
Checking a GPO against a Protected Settings policies and blocked extensions
Validating a GPO against a Protected Settings policies and blocked extensions before a check-in
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación