Chat now with support
Chat with Support

GPOADmin 5.13.5 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root) Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Working with the GPOADmin Dashboard Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands About Us

Selecting events on which to be notified

Using the notification option you can set up to receive an email each time a specified action is performed within the Version Control system.

Select Notifications.

Creating email templates

You can create a custom email template for notifications or email requests (if this option is enabled, see Configuring the Version Control server) and associate it with specific roles. This allows you to standardize the information that is presented to users based on their role within your organization.

You can choose to include attachments and custom subject lines for specified version control actions. For example, you can easily include forms used to track change requests in an external system, risk assessment checklist, or logs in the email.


GPOADmin includes a sample template (DefaultNotificationTemplate.html) in the server installation directory. This file should not be moved or modified; however, you can use it as a basis for the creation of new templates.

Select Delegation | Roles, select the require role, and click View Role.
Select the Email Template tab.
Click Browse to select the template to use for the selected role.
If there are no templates displayed, click Add and browse to where the templates are located. The default template is located at C:\Program Files\Quest\GPOADmin.
To select an attachment to include in the email, select the Attachments tab, click Add, select the action that triggers the attachment inclusion from the list, select the attachment to include by entering its location or browsing to it, and apply the changes.
To include a subject in the email, select the Subject Lines tab, click Add, select the required action, enter the text that you want included in the Subject Line field, and apply the changes.
Click Apply to associate the template.

Working with Protected Settings policies

Protected Settings policies contain settings that you want to control. They are protected in the sense that they contain and identify the settings that may not be altered by users. This provides an added level of security for the policies within your organization. If a user attempts to create, edit, or remove the flagged settings they are stopped.

Protected Settings are identified by examining the difference report between the Protected Settings policies and the Group Policy Object being checked in. The difference is produced by using the Difference Engine in GPOADmin. Once this is completed, the protected setting function searches the difference report for matches based on the specified validation mode.

Protected Settings policies have a modified workflow and follow the typical check-out, edit, and check-in process. As with any other object, when you are ready to make the newly created Protected Settings policy active or edit an existing policy, a request approval action must be initiated.

Once the approval is granted, the Protected Settings policy is available for use.

If a protection issue is detected during check in, users with the Modify Protected Settings right on the GPO in question, have the option to continue with the check in and override the blocked setting or review a report and address the issue.

Protected settings must be:

Select Options | General and select Enable Protected Settings for Group Policy Objects.

See also:

Rights and role for Protected Settings for GPOs

The Protected Settings for GPOs requires the following rights to control the actions of the Protected Settings tab on containers and provide the ability to export GPOs to create protected settings:

These rights are automatically assigned to the System Administrator role when Protected Settings are enabled. No other roles, built in or otherwise, are given the Protected Settings rights. They must be assigned.

Create a role called Prot_All and assign rights listed above and the Read right to this role. No other rights are required for this role.
Right-click the Protected Setting container, and select the Security tab. Click Add and add the user who is going to manage the container. Give them the Prot_All role. Do not give them any other roles to the Protected Settings container. Select OK to apply the security changes.
Select the Security tab, and click Add to add the user account. Give them the User (built-in) and the Prot_All roles. Click Apply and OK.

To review why the above roles were created and assigned consider the following:

Protected Settings policies can be further controlled by delegating who has permission to modify protected settings. To secure the protected settings, you can assign a role (that contains the “Modify Protected Settings” right) to a user on the Protected Settings policy. If during the validation process, GPOADmin determines the current user possess this right, the associated Protected Settings policy is excluded from the validation allowing the modification of those protected settings to proceed.

Related Documents