Chat now with support
Chat with Support

GPOADmin 5.18 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Introducing Quest GPOADmin

Security issues are becoming paramount within organizations. Within Active Directory, Group Policy Objects (GPOs) are at the forefront of an organization's ability to roll out and maintain functional security. Core aspects such as password policies, log on hours, software distribution, and other crucial security settings are handled through GPOs. Organizations need methods to control the settings of these GPOs and to deploy GPOs in a meaningful and safe manner with confidence. Since GPOs are so important to the proper operating of the Active Directory, organizations also need methods to restore GPOs when they are either incorrectly updated or have become corrupt.

GPOADmin offers a mechanism to control this highly important component of Active Directory. First, GPOs are backed up in a secure manner, then placed under version control. When changes are made, a backup of the GPO is again made. Changes are managed from the Version Control system, and approvals for any changes are required. Stored GPOs can be retrieved if the current GPO in the directory is not valid for any reason. This means that GPOs are managed and deployed with a secure rollback capability. When an issue does arise, the time between the discovery of the issue and its resolution is kept to a minimum, because a previous version of the GPO can be restored.

GPO implementation is a key consideration when planning your organization’s Active Directory structure. GPOs streamline management of all user, computer, and configuration issues to ensure smooth day-to-day network operation.

You can use GPOs to control specific configurations applied to users and computers through policy settings. When grouped, the policy settings form a single GPO, which you can then apply to sites, domains, and OUs.

You can define settings for users and computers and then rely on the system to enforce the policies. GPOs provides computer and user configuration policies.


GPOADmin features

Group policy version control is crucial to an organization’s efforts to safeguard continual operation. GPOs can have a negative impact on users’ ability to access the network and resources they need to work efficiently.

GPOADmin allows administrators to check the status of a GPO, back up changes into a common data repository, and report on that repository as required. If a GPO has become corrupt or is no longer in a working state, any previous iteration of a GPO can be retrieved.

Client/server architecture

The client/server architecture facilitates granular security and delegation. GPOADmin runs under the security context of a privileged service account that must have full access to GPOs in the managed forest.

This architecture allows for multiple servers to be installed within the same forest, allowing you to manage domains independently. Clients can connect to any deployed server within any Active Directory forest. GPOADmin maintains a most recently used (MRU) list of servers to which the users have previously connected to facilitate quick subsequent server connections.

Multiforest support

The GPOADmin management console allows you to connect to multiple GPOADmin Server Service instances within the same console. The GPOADmin Server Service could be from a trusted or non-trusted domain or forest. You can provide credentials for all non-trusted domains and forests while connecting to the nontrusted environments. By enumerating all GPOADmin Server Service instances, you can manage all Version Control systems from a single console, thus making it much easier to transition GPOs from a test environment to production.


Although not recommended, if you plan to manage GPOs in an untrusted domain from your local client console, the following limitations must be considered:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating