Tchater maintenant avec le support
Tchattez avec un ingénieur du support

GPOADmin 5.16 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root) Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Linking GPOs to multiple Scopes of Management

If required, you can easily take existing registered GPOs and link them to any number of SOMs within your deployment.

To link GPOs to multiple SOMs
1
Select two or more registered SOMs, right-click and choose Apply Link.
2
Click the browse button to open the Choose a Group Policy Object dialog.
3
Select the required GPO and click OK.
By default, the links will be applied to all selected Scopes of Management. You can, however, select to remove the application for specific SOMs by clearing the individual check box.
The way in which the link is applied is set through the available options:
If the GPO is not currently linked to a SOM, the default settings are enabled:
Enabled: This settings reflects the setting in the Version Control Server properties.
Enforced: Not enforced.
Link Order: Append link order.
If the GPO is currently linked to one of the selected SOMs, the existing settings for that SOM are displayed.
6
If required, you can change the individual options or use the top level check box to set the options for all the selected SOMs.
* 
NOTE: To set the link as a specific link order, uncheck the check box for the specified SOM under the Link Order column, set the required link order using the up and down arrow. If the link order is set to a higher number than the current link count, the link will be appended.
7
Once you have all your settings in place, click OK.
When the link action completes, the results are displayed in the Link Results dialog. If any of the links failed or an SOM was skipped, an error message displays the details so that you can take corrective action.

Managing compliance issues automatically with remediation rules

You have the option to setup an automatic way to deal with objects that have become non-complaint due to a modification or deletion performed outside of GPOADmin.

By default, the remediation option is set to None (no automatic resolution) at the Version Control Root level. Any remediation option set at this level will filter down to all child objects and containers unless you have specifically configured them to override their parents settings.

 

* 

Watcher Service requirements
The Watcher service is required to perform the compliance remediation actions. If the service is not running all remediation settings will be ignored.
If the Watcher service account is not the same account as the GPOADmin service, it must be added to GPOADmin as and Administrative account.
Remediation is not support on Protected Settings policies and WMI Filters as these objects are not monitored by the Watcher service.
To configure compliance remediation
* 
NOTE: Only users with the Set Remediation Rule can set these options.
1
Right-click the required object or container and select Properties.
2
Select the Remediation tab and choose how you want to handle objects that have become non-compliant due to a modification or deletion.
If an object has become non-compliant due to:
Available options to resolve the compliance issue

Modification

NOTE: Rollback with links and restore with links only apply to GPOs. All other objects will perform either a rollback or a restore remediation action.
Rollback
Rollback with links
Incorporate live
Unregister

Deletion

NOTE: Restore and Restore with links remediation is not supported on Scopes of Management.
Restore
Restore with links
Unregister
3
Click OK. Once a rule has been set it will be applied when the object is flagged as non-compliant. If the object does not have a remediation rule applied then the first rule found on a parent container will be applied.

Validating GPOs

To ensure that the GPOs within your system are still required, you can setup an attestation process. If a GPO has not been deployed within the specified date range, an email will be sent to the account designated as its manager to attest to its validity.

This option is supported for SQL and AD / AD LDS as a configuration store and all backup stores.

To configure GPO attestation
1
Right-click the required object or container and select Properties.
2
Select the Attestation tab.
3
Select Enable Attestation.
4
Set the date range (days, weeks, or months) for a GPO deployment that when exceeded will trigger a notification.
5
Enter the email notification subject and message.
You can right-click and select Insert Tag to use any of the following pre-defined tags: Action, Comment, Domain Name, Full Path, ID, Last Backup ID, Name, Status, Sub status, Trustee Name, Trustee SID, Type, Version, Version Control ID, Last Deployed On. (See Predefined Tags for tag details.)
6
Click OK.
The version control system is polled every 24 hours to identify GPOs that have not been deployed within the specified date range. Once identified, the attestaion email notification is sent to the account that is designated as its manager (Managed By property).
* 
NOTE: If you have GPOs that you do not want to validate, you can select to Override Inherited Attesatation and click to clear the Enable Attestation option.
 

Managing GPO revisions with lineage

If required, you can manage GPO revisions through lineage by selecting a specific GPO to revert to when a rollback is performed. When this is configured, every SOM linked to the GPO will be updated the lineage GPO.

* 
NOTE: Only users with the Set Lineage right can set the lineage.
To configure GPO lineage
1
Right-click the GPO that you want to manage and select Properties.
2
Select the Lineage tab and choose Enable Lineage.
3
Select the browse button and choose the GPO to revert to when a rollback is performed.
4
Click OK. Once this is set, a GPO rollback will unlink the GPO and re-link with the assigned lineage GPO.
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation