Chat now with support
Chat with Support

GPOADmin 5.13.5 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root) Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Working with the GPOADmin Dashboard Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands About Us

Working with registered objects

Regardless of the status of the registered GPO, starter GPOS, scripts, DSC scripts, WMI filter, domain, site, or OU (Available, Checked Out, Pending Approval, and Pending Deployment), you can perform the following tasks if you have the appropriate role:

Cloaking a GPO (applies to available GPOs only)
Locking a GPO (applies to available GPOs only)

Creating labels

You can include user-defined history comments (labels) on objects and containers in the Version Control system. This functionality allows users to rollback to an object identified by a specific label.

Expand the Version Control Root node, and select an object.
Select the GPO and click Workflow | Label.

Cloaking a GPO

Cloaking allows you to hide Group Policy Objects (GPOs) from other users. The Cloaking role is not a default role installed with the product, and must be created with the Cloak/Uncloak and View Cloaked rights. By default, Domain Administrators can see all cloaked GPOs.

When a GPO is cloaked using GPOADmin, it is also cloaked in the live environment. Only users with the Cloak/Uncloak or View Cloaked right can see the GPO in the live environment. A cloaked GPO will only be applied to users who have the Cloak/Uncloak or View Cloaked right during group policy processing. All other users will no longer have the GPO applied.

Cloaked GPOs are indicated by a lighter GPO icon.

Locking a GPO

Locking allows you to lock a policy so other users cannot edit it. The Locking role has to be created and consists of the Lock/Unlock right. For example, you may choose to lock the Default Domain Policy and/or Default Domain Controller Policy as any modification to these settings would affect every GPO in the organization.

When a GPO is locked using GPOADmin, it is also locked in the live environment. All users can see the GPO, but no one can edit it.

By default, Domain Administrators can see all locked GPOs and unlock any locked GPO. Locked GPOs are indicated by a lock icon.

Related Documents