Chat now with support
Chat with Support

GPOADmin 5.18 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Rights and role for Protected Settings for GPOs

The Protected Settings for GPOs requires the following rights to control the actions of the Protected Settings tab on containers and provide the ability to export GPOs to create protected settings:

These rights are automatically assigned to the System Administrator role when Protected Settings are enabled. No other roles, built in or otherwise, are given the Protected Settings rights. They must be assigned.

Create a role called Prot_All and assign rights listed above and the Read right to this role. No other rights are required for this role.
Right-click the Protected Setting container, and select the Security tab. Click Add and add the user who is going to manage the container. Give them the Prot_All role. Do not give them any other roles to the Protected Settings container. Select OK to apply the security changes.
Select the Security tab, and click Add to add the user account. Give them the User (built-in) and the Prot_All roles. Click Apply and OK.

To review why the above roles were created and assigned consider the following:

Protected Settings policies can be further controlled by delegating who has permission to modify protected settings. To secure the protected settings, you can assign a role (that contains the “Modify Protected Settings” right) to a user on the Protected Settings policy. If during the validation process, GPOADmin determines the current user possess this right, the associated Protected Settings policy is excluded from the validation allowing the modification of those protected settings to proceed.

Create a Protected Settings policy

Once the ability to use Protected Settings has been enabled, you can create the policies using one of the following methods:

Select the Protected Settings container in the tree view.
Right-click and select New | New Protected Settings Policy.
Click Finish.
Refresh the Protected Settings container.
In the Version Control Root, select the GPO you want to use for a Protected Settings policy.
Refresh the Protected Settings container.

Protecting policy settings based on extensions

If required, you can prevent users from editing policy settings based on one or more policy extensions. Once you have selected the extension to block, if a policy contains any settings from the extension, the policy will fail the validation test and will not be checked in.

Available extensions include:

Select the Protected Settings tab and the Blocked Extensions tab.

Generating Protected Settings policies reports

The following reports are available for Protected Settings policies: Latest, Working Copy, and Differences reports.

Select the Protected Settings Root container in the tree view.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating