Chat now with support
지원 담당자와 채팅

GPOADmin 5.13.5 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root) Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Working with the GPOADmin Dashboard Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands About Us

Configuring the Version Control server

You must configure the Version Control server the first time that you connect to it.

1
Right-click the GPOADmin node and select Connect To.
2
Select the required Version Control server and click Connect to connect with the current logged on user credentials. Alternatively, select the down arrow in the Connect button and select Connect As to enter new credentials (domain\user and password).
3
To save the credentials, select the Remember my password check box and click OK.
4
In the Select a Configuration Store dialog, select Active Directory, AD LDS, or SQL Server for your configuration storage location.
SQL Injection inserts malicious code into SQL statements which can lead to security vulnerabilities. To protect your environment from a SQL Injection attack, you can mark SQL statement inputs that are not permitted. See Editing the Version Control server properties. By default, we have marked the following inputs as not permitted. If you allow these inputs, malicious code may be inserted in a SQL statement resulting in security vulnerabilities:
Table 2. SQL inputs

:

Denotes the end of a SQL query. Allowing this character can permit malicious queries to be included in user input.

--

All trailing input is interpreted as a comment until the new line character.

/*

The character combination used to denote the start of a block comment. All trailing input is interpreted as a comment until the comment end delimiter.

*/

The character combination used to denote the end of a block comment. Input between the comment start delimiter and the comment end delimiter is interpreted as a comment.

xp_

Extended procedures are routines residing in DLLs that function similarly to regular stored procedures. The extended stored procedure function is executed under the security context of Microsoft SQL Server.

\AUX

Generally, the AUX port on a PC is computer port 1 (COM1), which is the first serial port with a preconfigured assignment for serial devices. File paths can be constructed using this input.

\CLOCK$

The system clock. File paths can be constructed using this input.

\COM1

The first Communications port. File paths can be constructed using this input.

\COM2

The second Communications port. File paths can be constructed using this input.

\COM3

The third Communications port. File paths can be constructed using this input.

\COM4

The forth Communications port. File paths can be constructed using this input.

\COM5

The fifth Communications port. File paths can be constructed using this input.

\COM6

The sixth Communications port. File paths can be constructed using this input.

\COM7

The seventh Communications port. File paths can be constructed using this input.

\COM8

The eighth Communications port. File paths can be constructed using this input.

\CON

A common device name for the keyboard and screen. File paths can be constructed using this input.

\CONFIG$

A configuration information file. File paths can be constructed using this input.

\LPT1

The first line print terminal. File paths can be constructed using this input.

\LPT2

The second line print terminal. File paths can be constructed using this input.

\LPT3

The third line print terminal. File paths can be constructed using this input.

\LPT4

The fourth line print terminal. File paths can be constructed using this input.

\LPT5

The fifth line print terminal. File paths can be constructed using this input.

\LPT6

The sixth line print terminal. File paths can be constructed using this input.

\LPT7

The seventh line print terminal. File paths can be constructed using this input.

\LPT8

The eighth line print terminal. File paths can be constructed using this input.

\NUL

The NUL port. File paths can be constructed using this input.

\PRN

The DOS name for the first connected parallel port. File paths can be constructed using this input.

Active Directory

Click Next.

AD LDS

Enter the server and port name, and click Next.

For more information about an AD LDS deployment, see Setting permissions on AD LDS .

SQL Server

Enter the server name and the required authentication information, and click Next.

Network Share

Browse to and select the required network share or directory, and click Next.

7
Click Finish.

Setting permissions on AD LDS

To use GPOADmin with an AD LDS deployment, users must be assigned the Administrators role.

3
To grant the user rights, right-click the Administrators role and select Properties.

Setting permissions when using SQL as the configuration store

Perform the following after installing GPOADmin and before configuring the GPOADmin server.

a
In Microsoft SQL Server Management Studio, select File | Open | File or press the control key and the O key (Ctrl + O).
b
In the Open File dialog, select the GPOADmin.sql file and press OK. This file is located in the GPOADmin server install directory by default, but if your SQL server is on a different computer, the file can be copied.
d
Click the Execute button or press F5 to create the database.
b
Set the available database to the name of your GPOADmin database or type USE [DATABASE_NAME] where DATABASE_NAME is the name of your GPOADmin database.
c
On the next line, type EXEC InitializeDatabase.
d
When ready, click the Execute button or press F5 to run the command.
b
Right-click Logins and select New Login.
e
Set the Default database property to the name of your GPOADmin database.
g
On the User Mapping page, under Users mapped to this login, check the name of your GPOADmin database. Under Database role membership for the selected database, check db_owner and public.
h
Click OK to close the properties page.

Port requirements

The following ports must be open for the application to function correctly:

Name resolution can be achieved using DNS on port 53 or WINS (downlevel) on port 137.

Between the client and the GPOADmin Server:

 

From the GPOADmin Server:

Configuration storage

GPO Archives

관련 문서