Chat now with support
Chat with Support

GPOADmin 5.18 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Cloaking a GPO

Cloaking allows you to hide Group Policy Objects (GPOs) from other users. The Cloaking role is not a default role installed with the product, and must be created with the Cloak/Uncloak and View Cloaked rights. By default, Domain Administrators can see all cloaked GPOs.

When a GPO is cloaked using GPOADmin, it is also cloaked in the live environment. Only users with the Cloak/Uncloak or View Cloaked right can see the GPO in the live environment. A cloaked GPO will only be applied to users who have the Cloak/Uncloak or View Cloaked right during group policy processing. All other users will no longer have the GPO applied.

Cloaked GPOs are indicated by a lighter GPO icon.

Locking a GPO

Locking allows you to lock a policy so other users cannot edit it. The Locking role has to be created and consists of the Lock/Unlock right. For example, you may choose to lock the Default Domain Policy and/or Default Domain Controller Policy as any modification to these settings would affect every GPO in the organization.

When a GPO is locked using GPOADmin, it is also locked in the live environment. All users can see the GPO, but no one can edit it.

By default, Domain Administrators can see all locked GPOs and unlock any locked GPO. Locked GPOs are indicated by a lock icon.

Establishing Management for an Object

If you have the Modify Managed By right, you can set the user responsible for an object’s management.

Expand the Version Control Root node, and select an object.

Viewing history

You can easily create a report that displays the historical settings for objects in the Version Control system or a comparison of versions. When you view the history in the GPMC Extension, all events are shown. The GPOADmin console has a filter option that you can use to choose which events to display.

Expand the Version Control Root node, and the required container.
Click Print to print the report.
Click Save As to save the report in HTML.
Click Close.
Click Print to print the report.
Click Save As to save the report in HTML.
Click Close.

For more information on the available reports, see Creating Reports .

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating