Chat now with support
Chat with Support

GPOADmin 5.13.5 - Getting Started Guide

GPO management extension in GPMC

The Extended Group Policy Management Console allows users to work within a familiar interface that incorporates all the benefits of GPOADmin, rather than having them learn a new client interface. When the Group Policy Management Console is opened, the user will see an extra GPO Management tab that will allow them to perform GPOADmin actions on Group Policy Objects from within the Group Policy Management Console.

GPOADmin watcher service

The watcher service protects an organization from unauthorized changes by automatically detecting changes to GPOs, scripts, and Scopes of Management made outside of the Version Control system. An optional component of GPOADmin, the watcher service will monitor registered GPOs, scripts, and Scopes of Management outside of the GPOADmin console for changes and display them as noncompliant with an icon change. If the change is valid, an administrator can either incorporate the change into the version control system or roll back the change to the previous deployed version of the GPO or Scopes of Management.

The GPOADmin watcher service must be run using credentials with sufficient network permissions.

For example, if you have a GPO checked out and it is flagged as noncompliant by the Watcher Service, this indicates that the GPO settings in the live environment have changed since you checked out and started working on that GPO.

Once you have selected GPOs for check-in, the Noncompliant Objects Detected dialog box shows you a list of the non-compliant objects, alerting you of any GPOs that have been modified outside of the version control system of GPOADmin, and providing you with the following options:

Watcher service polling interval

The default polling interval is 45000 milliseconds (45 seconds). If desired, you can alter this to meet your needs.

2
Select Decimal as the Base when editing the value.

Excluding security modifications on Scopes of Management from the watcher service

If needed, you can use a registry key to prevent the watcher service from flagging a Scope of Management as non-compliant when modifying the security natively.

If you select to enable this, you need to redeploy all registered scopes of management to ensure that security is either included or excluded (depending on the value) in the latest backup used to perform the comparison. If you do not redeploy the SOMs, they will be flagged as non-compliant.

1
Set the ExcludeSOMSecurityFromHash registry value to 1. By default this is set to 0.

 

Related Documents