GPOAdmin 5.15 - What is new and Resolved (4220068)

New Features:

• GPO Validation:
  • To ensure that the GPOs within your system are still required, you can setup an attestation process If a GPO has not been deployed within the specified date range, an email will be sent to the account designated as its manager to attest to its validity
• Retention schedule for backups:
  • You can select to limit the backups to keep based on a specified number, age, or date. Backup retention settings apply to SQL configuration stores only
• Email approval enhancement:
  • Ability to ensure that email approvals are processed only by users in Microsoft Exchange distribution groups who have the rights to do so. Validation is enabled in the email notification options in the Version Control properties and through the EnforceAccountValidation parameter in the Set-GmailSettings and Set-ExchangeSettings commands
• Deployment restrictions:
  • Ability to restrict deployment windows by setting the day and time when users are allowed (or denied) to make modifications to objects. This functionality requires the delegation of the new Modify Change Window right, which allows administrators to set the change window and override it when required
• Synchronization Target Editor updates:
  • Ability to view the source version number the target was last synchronized with in the Synchronization Target editor
  • Ability to synchronize to one or more individual targets from existing targets from within the Synchronization Target editor
• Additional PowerShell commands:
  • Delete data from SMTP and workflow notification settings using:
    • Clear-GmailOptions -WorkflowOrSMTP
    • Clear-ExchangeOptions -WorkflowOrSMTP
    • Clear-SMTPOptions -WorkflowOrSMTP

• Manage the live environment security using:
  • Get-LiveEnvironmentSecurity
  • Add-LiveEnvironmentSecurity
  • Remove-LiveEnvironmentSecurity
  • Clear-LiveEnvironmentSecurity
• Manage the domain security using:
  • New-DomainACE
  • Get-DomainSecurity
  • Add-DomainSecurity
  • Remove-DomainSecurity
  • Clear-DomainSecurity
• Get a list of failed deployments using:
  • Get-FailedDeployment
• Manage the retention period for backups using:
  • Clear-BackupsByRetention
  • Set-BackupsRetention

• Additional Reports:
  • Role Assignment report that allows you to determine which rights and roles a user is assigned both directly and indirectly through group membership.
  • All Actions report that allows you to report on multiple users, types of object and actions during a specified date range
• Additional platform support:
  • Windows Defender Credential Guard
    NOTE: GPOADmin can run in environments that have Windows Defender Credential Guard enabled. However, due to a compatibility issue with our Autorun utility, GPOADmin must be installed manually using the GPOADmin.MSI file found with the installation CD or download package
  • Azure SQL Managed Instance
• Miscellaneous Updates:
  • Restrict inheritance settings for notifications. This functionality requires the delegation of the new Block Notification Inheritance right which allows users to block inheritance of notification settings from the Version Control root to child containers and objects.
  • Replace the Scope of Management links in the source GPO with the links in the target GPO during a merge
  • View the group policy inheritance for the selected Scope of Management, including the location where they are linked and the order in which they will be applied
  • Addition of compliance status column for version controlled objects in the GPOADmin console
  • View failed deployments in the Failed Deployment folder located under the Search Folders.
  • View the synchronization source and target GPOs with their relevant domains in the GPOAdmin event log
  • Enforce naming conventions for all GPOs and WMI filters at the container level through the object’s property page
  • Delete data from SMTP and workflow notification settings

Resolved Issues:

• GPO setting edits are not applied when a GPO is linked before the settings are deployed - 193039
• Unregister and remove history does not delete data in the backup share - 194496
• Newly created OU canonical name displays in the wrong order - 195029
• GPO version incorrectly increments when an edit is not completed - 197644
• Synchronization targets are duplicated when they are set using AD / ADLDS as the configuration
• Store - 199061
• Unable to modify live environment security after an upgrade - 200403
• During a GPO merge, some extensions are not merged correctly - 200404
• Register right on the live domain is required to merge GPOs - 202225
• Registering a GPO results in permissions being out of sync in GPMC before the GPOs firstdeployment from GPOADmin - 207496
• The GPO Comparison report does not function properly when policies are managed on different GPOADmin servers in the same console - 207635
• Users granted live environment access through a non-domain users group are unable to import objects from the live environment - 207753
• When merging GPOs to an existing GPO, the extension value in Active Directory is overwritten rather than merged - 210355
• Workflow approvals are not processed in order when ADLDS is used as the configuration store - 214908
• GPOADmin closes unexpectedly when running a GPO modeling report - 210143
• Unable to merge GPOs between foreign domains - 194008
• Unable to run the database creation scripts - 194347
• Entering text in the search field in the Options dialogue causes GPOADmin to close unexpectedly - 199736
• Email address must be set for users to see notifications in Notification manager. Users are not notified when adding notifications through PowerShell - 205078
• Unable to make changes to the installation through Add / Remove Programs. Workaround: Launch the original installer and click the Change button - 191292
• The Object Picker in the installer does not list Service Accounts - 189611
• Option to enable SMTP notifications through Exchange is enabled with a new installation - 191328
• Regardless of the number of assigned approvers, workflow buttons are only included in the first approver’s email - 703601