Chat now with support
Chat with Support

GPOADmin 5.13.5 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root) Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Working with the GPOADmin Dashboard Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands About Us

Root container assignment

If necessary, the GPOADmin administrator can assign a specific container as a user’s or group’s “Root Container”. When the user or group member logs in they will only have access to the container they have been assigned, rather than the default "Version Control Root". This allows for the administration of containers and sub containers to be assigned to specific users or groups without those users being able to access or change managed objects in any other containers.

This assignment is also valid for the PowerShell commands, the GPOADmin Dashboard, and the GPOADmin snap-in for GPMC.

2
Select the Root Container Assignment tab and assign the users or groups who are going to see this as their Root Container.

Restricting GPO management for specific domains

If necessary, you can restrict access to domains to ensure that only specified individuals or groups can view, register, create, and report on items in a domain. You can fine-tune the level of available management based on the level of security.

By default, the Domain Users group is assigned all domain rights to their corresponding domain. To take advantage of the new level of security, you must remove Domain Users and assign rights as appropriate.

1
Expand the Live Environment, right-click the required domain, and select Properties.

Read

A base right that you must apply as it is used with other rights.

This right works with, but does not replace, the delegated custom user Read right that controls whether users and groups can see a version control container’s contents.

Register

Apply this right to users and groups that are assigned the Domain Read right to allow them to register/unregister objects from the selected domain.

This right works with, but does not replace, the delegated custom user Register and Unregister rights that controls whether a user can register objects into a specific version control container or unregister objects.

Create Group Policy Objects

Apply this right to users and groups that are assigned the Domain Read right to allow them to create Group Policy Objects in the selected domain.

This right works with, but does not replace, the delegated custom user Create right that controls whether a user can create an object in a specific version control container.

The Edit right on the Version Control container is also required.

Create WMI Filters:

Apply this right to users and groups that are assigned the Domain Read right to enable them to create WMI Filters in the selected domain.

This right works with, but does not replace, the delegated custom user Create right that controls whether a user can create an object in a specific version control container.

The Edit right on the Version Control container is also required.

Create Scripts (Logon/Logoff Startup/Shutdown):

 

Apply this right to users and groups that are assigned the Domain Read right to enable them to create a script in the selected domain.

This right works with, but does not replace, the delegated custom user Create right that controls whether a user can create an object in a specific version control container.

The Edit right on the Version Control container is also required.

Create Desired State Configuration Scripts

Apply this right to users and groups that are assigned the Domain Read right to enable them to create Desired State Configuration scripts in the selected domain.

This right works with, but does not replace, the delegated custom user Create right that controls whether a user can create an object in a specific version control container.

The Edit right on the Version Control container is also required.

Report

Apply this right to users and groups that are assigned the Domain Read right to enable them to report on objects within the selected domain.

Once applied, they will only see the "Live" report option for objects which exist in the associated domain and only the domains for which the user has this right is displayed in the report wizard.

This right works with, but does not replace, the delegated custom user Run Reports right that controls whether a user can run the “New Report” wizard, and the Run Contextual Reports right which controls whether a user can run the “Live”, “Working Copy”, “Latest”, and “Difference” from the context menu.

Create Starter GPO

Apply this right to users and groups that are assigned the Domain Read right to allow them to create Starter GPOsin the selected domain.

This right works with, but does not replace, the delegated custom user Create right that controls whether a user can create an object in a specific version control container.

The Edit right on the Version Control container is also required.

Configuring role-based delegation

NOTE:  

GPOADmin Administrators can create custom roles that can be applied to specific users to allow them to perform certain functions within the Version Control system. For more information about users with permissions to create roles see Configuring the Version Control server .

See also:

 

System Administrator

System Administrators can perform any action in the Version Control system.

Version Controlled Object Rights include:

 

 

System Administrator (continued)

Version Control Container Rights include:

Protected Settings Rights include:

Moderator

Moderator (Moderators can perform every action a user can, plus undoing check outs from other users and running the compliance wizard.) They can also:

User

User (Users can perform all the basic actions of the Version Control system, such as check in, check out, edit.) They can also:

Creating roles

You can easily create roles with any of the customized rights.

2
Select Delegation | Roles.
3
Click Add New Role.
Related Documents