For each trusted or untrusted domain or forest, a separate GPOADmin installation will be needed to manage the local GPOs.
Child domains are automatically managed by a GPOADmin server installed in the same forest.
You can then connect to each separate GPOADmin instance from a single MMC console.
There are some known limitations on what can be done regarding untrusted forests in GPOADmin.
These are as follows:
• File and directory browsing is performed locally on the client computer.
• Users and groups can only be selected from the client domain and trusted domains.
• Domain-specific information of work-flow enabled Group Policy Objects cannot be set.
• Internet Protocol Security (IPSec) do not load in the Group Policy editor when editing a work-flow enabled Group Policy Object.
• Workflow disabled Group Policy Objects cannot be edited.
• Workflow disabled Group Policy Objects cannot be copied.
• Workflow disabled Group Policy Objects cannot be renamed.
• Workflow enabled Group Policy Object cannot be edited.
• Workflow enabled Group Policy Objects can only be copied to an untrusted domain when the GPOADmin client and source Group Policy Object are in the same domain.
• Workflow enabled Group Policy Objects can only be moved to an untrusted domain when the GPOADmin client and source Group Policy Object are in the same domain.
• Objects cannot be exported to the Live Environment of an untrusted domain.
• Objects cannot be imported from the Live Environment of an untrusted domain.