Chat now with support
Chat with Support

GPOADmin 5.21 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Microsoft 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Port requirements

* 
CAUTION: Conduct a thorough threat analysis before opening these services to an untrusted network.

The following ports must be open for the application to function correctly:

Name resolution can be achieved using DNS on port 53 or WINS (downlevel) on port 137.

Between the client and the GPOADmin Server:
Inbound: Port 40200 (default)
Outbound: TCP ports within the following range (1024 to 65535). For more details on default dynamic port range for TCP/IP see, https://support.microsoft.com/en-us/kb/929851.)

 

* 
NOTE: To run the Version Control server on a custom port, you must set the following registry value:

Key: HKLM\Software\Quest\GPOADmin\Remoting
Value Name: Port
Value Type: DWord
Valid Values: 1 to 65536

If this value is not set, the default (port 40200) is used.

From the GPOADmin Server:

Configuration storage
LDAP Service — TCP/UDP TCP/UDP — 389 -or- AD LDS port (defaults to 389 or 50000)
If you are using SQL Server for GPO backup storage, the appropriate ports must be open. SQL Server’s default port is 1433.
If you are using Named Pipes with SQL, arbitrary ports may be required. SQL Named Pipes is not a recommended configuration through firewalls.

GPO Archives
If you are using a network share for GPO backup storage, you may require open ports on 135, 138, 139, and 445.
If you are using SQL Server for GPO backup storage, the appropriate ports must be open. SQL Server’s default port is 1433.
If you are using Named Pipes with SQL, arbitrary ports may be required. SQL Named Pipes is not a recommended configuration through firewalls.
If you are using AD LDS for GPO backup storage or configuration data, AD LDS defaults to port 389 if not coexisting with AD. If AD is already installed, AD LDS defaults to port 50000.

Editing the Version Control server properties

Users logged on with an account that is a member of the GPOADmin administrators group can edit the properties of the Version Control server when required. Specifically, they can:
Add and remove users and administrators to your GPOADmin deployment.
Select the backup repository for the historical copies of objects.
Create and define roles used to delegate rights over the Version Control system.
Configure email notifications on Version Controlled events.
Delete data from SMTP and workflow notification settings.
Select the type of information you want to track and the location for the log files.
Configure various properties such as GPMC version checks, workflow options for GPOs, default link state, protected settings, GPO synchronization, unique names, unique role names, unregistered SOM linking, WMI filter display, custom workflow actions, prevent users from approving their own requests, and enable the identification of associated objects during a deployment and ensure that the service account has the required service account has the required rights to deploy associated items.
Configure the domain controller that GPOADmin uses for all Active Directory actions and whether to enforce comments to all actions and naming conventions for newly created objects.
View or update the current license.
Select product integration options.
Enable support for Microsoft Intune.
Enable web proxy to enhance security and privacy.
Enable FIPS mode.
To edit the Version Control Server configuration
* 
NOTE: You must use the GPOADmin console to edit server configuration, not the GPMC Extension.
1
Right-click the forest, and select Options.
2
To add and remove users who can connect to and alter the Version Control server options, select Access.
Select Administrators and add and remove users who can connect to and alter the Version Control server-specific settings.
Select Users and add and remove users who can connect to the Version Control server, but can only perform those actions assigned by an administrator.
3
To select the location of the physical backup copy of the various versions of an object, select Storage. For complete details, see Configuring the Version Control server.
You can choose between:
Network Share: Enter or browse to a network share or directory.
* 
NOTE: This option is the recommended method as it provides a high level of performance and a low level of configuration and maintenance overhead.
SQL Server: This option stores the backups in SQL Server. Enter the database name and the required authentication.
* 
NOTE: If the server is installed as a unique instance, it must be specified as servername\instancename rather than just the SQL Server name.
You can also migrate from AD LDS to SQL. See Migrating from AD/AD LDS to a SQL configuration store.
AD LDS: This option stores the backups in Active Directory Lightweight Directory Services (AD LDS).
* 
NOTE: To use the same AD LDS instance for both the configuration and backup store, select the “Configuration store location” option on the Backup location page.
Directory Configuration Location: This option stores the backups in Active Directory or AD LDS if you selected it during the initial setup of GPOADmin as the storage method for your configuration.
* 
NOTE: Active Directory is not recommended for production deployments due to the amount of replication data.
4
To help optimize performance and secure your data by configuring accepted SQL input filters and timeout settings, select SQL.
a
To protect your environment from a SQL Injection attack, choose the SQL Input Filters option to specify which SQL statement inputs are not permitted within your deployment. By default, all of the inputs are marked as not permitted.
If you allow these inputs, malicious code may be inserted in a SQL statement resulting in security vulnerability.
b
Choose the SQL Timeouts option to configure how long GPOADmin will wait to connect to the SQL server or to process a command.
c
Adjust the timeout values that best fit your deployment and click OK. The default for the connection timeout is 15 seconds and the default for the command timeout is 30 seconds.
5
Select Desired State Configuration | Root directory to specify a DSC root directory for each domain that supports DSC scripts. This root directory serves as the starting point for the DSC script enumeration and deployment location. DSC scripts cannot be registered until this option is enabled.
6
Select Scripts to set the file types that will be returned when enumerating Scripts in the live environment. Add and remove the file extensions as required and click OK.
7
Select Delegation | Roles to create and edit roles that are used to delegate rights over the Version Control system. The built-in roles and descriptions are displayed. Add, edit, and delete roles as required. For complete information about creating and delegating roles, see Configuring role-based delegation .
* 
NOTE: You cannot alter predefined roles.
8
Select Notifications to configure email notifications on Version Controlled events. Notifications help you to stay informed of the latest changes to objects under version control and can be enabled for Exchange on-premises, Office 365 Exchange Online, and Gmail.
To use notifications, you must enable SMTP and set the method of authentication. The required method is dependent on the mechanism selected to send notifications.
When using Exchange on-premises, basic authentication is required.
When using Office 365 and Exchange Online, OAuth 2.0 authentication is required.
When using Gmail a credential file is required.
Table 4. SMTP options - Attachments
Option
Procedure

Select Attachments to embed report content in the body of the email.
1
Select the report contents to include and click OK.

 

Table 5. SMTP options
Option
Procedure

Select SMTP to modify the global SMTP notification options.

NOTE:  
If required, select Clear to delete data from SMTP and workflow notification settings.
Users can alter the email address for their notification email through their personal settings, or through the Notification Manager. See Configuring user preferences or Selecting events on which to be notified .
GPOADmin supports TLS/SSL connections. When connecting to Office 365 for standard SMTP notifications, the  From  account must be a valid email address and have access to the mailbox of the authentication account.
To ensure secure communication between GPOADmin and your Exchange server, it is recommended that your Exchange server be configured to support TLS 1.2.
If you select to use Gmail, a folder directory is created in the location of the credential file which contains a tokens.json response folder and a corresponding token response file. This file is no longer required once the activation has been processed and can be safely removed.
If you want to use Microsoft Azure GCC High email for notifications, select the U.S Government GCC High option. For information on using Exchange Online for US Government environments refer to Microsoft documentation.
GPOADmin is configured to use TLS 1.2 for communication with web services such as Microsoft Azure. To use a different security protocol, edit the following value in the registry: HKLM\SOFTWARE\Quest\GPOADmin\SecurityProtocol
Valid values are: SystemDefault, Ssl3, Tls, Tls11, Tls12 (default), Tls13 (only available on Server 2022 and Windows 11).
1
Select Basic to use Exchange for notifications.
a
Select to Enabled SMTP notifications.
b
Enter the SMTP server.
c
Enter the port number. 25 for standard, unencrypted communication, 465 for older SSL communication, or 587 for TLS communications.
d
Enter a “From” address. If your SMTP server is not configured for anonymous connections, enter the associated credentials.
e
You can optionally select to attach read and/or delivery receipts with notifications. Once enabled, the email specified in the “From” address can confirm that notifications are received and/or read after they are sent.
2
Select Exchange Online and Office 365 to use Office 365 Exchange Online for notifications.
a
Select to Enabled SMTP notifications via Exchange.
b
Enter the application ID, tenant ID, tenant name, certificate, certificate password, and https://outlook.office365.com/ews/exchange.asmx as the Exchange Server Url, and a valid certificate and password.
The certificate must be previously uploaded to Microsoft Entra App certificates & secrets.
The application ID, tenant ID, tenant name, certificate, and certificate password are set when you register GPOADmin to use Office 365 Exchange Online through Microsoft Entra. See Appendix: Registering GPOADmin for Microsoft 365 Exchange Online.
3
Select Gmail to use Google mail for notifications.
a
Select to Enabled SMTP notifications via Gmail.
b
Enter the Gmail account.
c
Enter the credential file location. (To use Gmail, users must generate this credentials file from Gmail. GPOADmin uses this file to connect to Gmail, verify the authorization, get access and refresh tokens to retrieve and send messages.) See Appendix: Configuring Gmail for Notifications for information on creating this file.
d
To navigate past the application verification warning, click Advanced and then click the Go to GPOAdmin (unsafe) link.
e
Grant GPOAdmin permissions to View and modify but not delete your email.
f
Click Allow to confirm your selection.
Table 6. Workflow notification options
Option
Procedure

Select Workflow to enable workflow approval through email, set the authentication method, and modify the mailbox and server information.

NOTE:  
If required, select Clear to delete data from SMTP and workflow notification settings.
The Exchange option supports at a minimum Microsoft Exchange 2019 for on-premises mailboxes and Office 365 Exchange Online.
All approvers and the service account must have a valid Exchange on-premises or Office 365 Exchange Online inbox.
Exchange Distribution Groups should be used for approval groups. Active Directory groups are not supported when using the Workflow Approval through email feature.
Proper Exchange certificates must be installed on the GPOADmin server if certificates are being used in your Exchange environment.
You must restart the GPOADmin service when you enable or disable this option.
If you select to use Gmail, a folder directory is created in the location of the credential file which contains a tokens.json response folder and a corresponding token response file. This file is no longer required once the activation has been processed and can be safely removed.
If you want to use Microsoft Azure GCC High email for approvals, select the U.S Government GCC High option. For information on using Exchange Online for US Government environments refer to Microsoft documentation. This option is only available for OAuth 2.0 Authentication.

 
1
Select Exchange, Exchange Online, & Office 365 to use Exchange, Exchange Online, or Office 365 for notifications.
a
Select Enable Workflow Approval through email.
b
Set the required authentication.
To use Exchange for notifications, select Basic Authentication and enter the account to use to connect to the mailbox and password. Enter the Exchange Server Url or select Autodiscover Exchange Server Url to locate the Exchange server that is hosting the specified mailbox.
To ensure that approvals are processed only by users who have the rights to do so, check the Enforce approver account validation option. (This option will not function if you select to follow the Microsoft documentation that restricts access to a single mailbox.)
By default, GPOADmin uses the mailbox associated with the service account. If necessary, you can specify a different mailbox for the service to use when processing approvals and rejections through email. To do so, uncheck the Use the service accounts mailbox option and enter the mailbox that you want to the service to monitor. To connect as the service, leave the account blank and password blank.
To use Office 365 and Exchange Online for notifications, select OAuth 2.0 Authentication. Enter the mailbox. application Id, tenant Id, https://outlook.office365.com/ews/exchange.asmx as the Exchange Server Url. and a valid certificate and password.
The certificate must be previously uploaded to Microsoft Entra App certificates & secrets.
The application ID and tenant ID are set when you register GPOADmin to use Office 365 Exchange Online through Microsoft Entra. See Appendix: Registering GPOADmin for Microsoft 365 Exchange Online.)

 
2
Select Gmail to use Google mail for notifications.
a
Select to Enabled SMTP notifications via Gmail.
b
Enter the Gmail account.
c
Enter the credential file location. (To use Gmail, users must generate this credentials file from Gmail. GPOADmin uses this file to connect to Gmail, verify the authorization, get access and refresh tokens to retrieve and send messages.) See Appendix: Configuring Gmail for Notifications for information on creating this file.
d
To navigate past the application verification warning, click Advanced and then click the Go to GPOAdmin (unsafe) link.
e
Grant GPOAdmin permissions to View and modify but not delete your email.
f
Click Allow to confirm your selection.
2
Select Logging | Configuration to enter the log location and the type of information you want to track.
From here you can:
Choose to log to the Event Log, to a specific directory where log files will be created, or not at all.
Select which (if any) types of events to log. The types of events are as follows: Service Actions (such as service startup and shutdown), User Actions (such as check in, approve, edit), Errors, and Debug Information (used by Quest Support).
Enable Group Policy Management console logging and set the logging level to Normal or Verbose. The logs (GPmgmtManaged.log and the GPmgmt.log) are located in the service account’s %temp% directory.
Enable Exchange logging for workflow approval through email. Restart the GPOAdmin service for this to take effect. The EWS.txt file can be found in the application install directory.
3
Select Options to configure various settings.
Select General to configure the following options:
Table 7. General options
Option
Description

Perform Group Policy Management version check

Check to ensure the version of GPMC on the client is compatible with the GPMC version used within GPOADmin.

Disable all workflow options for Group Policy Objects

Disable all workflow on GPOs.

Keep in mind, if you disable the workflow, any changes made are immediately deployed in the live environment. To bring the GPO back under version control, enable the workflow.

Disable all workflow options for Scopes of Management

Disable all workflow on SOMs.

Keep in mind, if you disable the workflow, any changes made are immediately deployed in the live environment. To bring the SOM back under version control, enable the workflow.

Disable all workflow options for WMI Filters

Disable all workflow on WMI filters.

Keep in mind, if you disable the workflow, any changes made are immediately deployed in the live environment. To bring the WMI filter back under version control, enable the workflow.

Set default link state to enable when adding new links

This enables the default link state for any new links added to a SOM.

Enable Protected Settings for Group Policy Objects

This enables the ability to have Protected Settings policies that contain settings that you want to control. They are protected in the sense that they contain and identify the settings that cannot be altered by users. This provides an added level of security for the policies within your organization. If a user attempts to create, edit, or remove the flagged settings they are stopped.

NOTE: If you have GPOADmin configured with SQL as the configuration store, you can select to Enable Policy Baselines. Selecting this option allows Protected Setting policies to be assigned to individual GPOs as policy baselines. See Working with Protected Settings Policy Baselines for details.

Enable Group Policy Object Synchronization

Synchronizing GPOs allows you to automatically push out predefined “primary GPO” settings to specified targets both within a forest and between two forests. This allows you to ensure specific GPOs, which are required in every domain, contain the same settings without having to link to a GPO outside of the domain.

You are able to select one or more GPOs from various domains as synchronization targets for the source GPO. When the source GPO has been successfully deployed, the settings from the last major backup are imported into each synchronization target GPO.

Allow the service account to synchronize Group Policy Objects during deployment

Provides the ability to control whether the service account can perform a GPO synchronization during deployment.
If disabled, a GPO synchronization will only happen during deployment if the deploying account has the Synchronization right on the GPO.
If enabled, the service account will perform a GPO synchronization during deployment. (Default)

Enable Unique Name

This ensures that GPOs and WMI filters cannot be created with the same name as an existing GPOs or WMI filter in a domain, select the Enforce Unique Names option. If a non-deployed GPO indicates that a duplicate name exists, run a full compliance check to determine if any GPOs were modified outside of GPOADmin. For more info see, Checking compliance .

NOTE: In order to reuse a unique name, you must select to delete the GPO and WMI filters and the associated backups.

Enable Unique Role Names

This ensures that roles cannot be created with the same name as an existing role.

Enable unregistered Scopes of Management linking

To allows users to link to unregistered Scopes of Management, select the Enable unregistered Scope of Management linking option. If this option is not selected, the policy and the SOM must be registered and the user linking the policy must have the Link right on both objects.

Display only the WMI Filters a user has Read access to when editing a GPO

Users are restricted to only the WMI Filters they have Read access.

Ensure service account access prior to deployment

This option must be enabled if you want users to be able to automatically deploy an object’s associated items. See Deploying objects (scheduling and associated items) .

It ensures that the service account has the Edit settings, delete, modify security rights on the working copy before deployment.

Enable the identification of associated items during deployment

Provides users with the option to identify and deploy associated items in a pending deployment state.

Prevent approval requester from approving their own changes

Ensures that a user cannot approve their own changes, even if they are in the approver's list for the object.

Enable empty policy deploy warning

Enable a warning message when users are trying to deploy a GPO that does not include any policy settings.

Refresh objects on selection

When this option is enabled, the objects are refreshed when they are selected in the client.

Log service option changes

Enabling this option will log any changes made to the version control server configuration options.

IMPORTANT: By default, this option is disabled as it may pose a security risk. If this option is enabled, Quest highly recommends that you review the security for the GPOADmin event log and the log file and ensure the access is altered as required.

Enable the processing of custom workflow actions

Clicking the Launch Editor button starts the Custom Workflow Editor.

OU display format

Set the display format for OUs.

Select SQL Input Filters to view the allowed strings and characters for SQL statements.
* 
NOTE: To protect your environment from a SQL Injection attack, you can mark which SQL statement inputs are not permitted. If you allow these inputs, malicious code may be inserted in a SQL statement resulting in security vulnerabilities.
Select Comments to enforce comments to all actions and naming conventions for newly created objects. Set a minimum comment length greater than 0. Leaving the value at 0 means comments are optional for all actions. Any value greater than zero makes comments mandatory for all actions and all users.
Select Deployment Failure to enable an automatic retry on failed deployments. Enable the option and select the number of attempts (maximum of 10) and the interval in minutes (maximum of 1440). Re-deployment attempts are done as scheduled deployments.
Select Preferred Domain Controllers and click Add to configure the domain controller that GPOADmin will use for all Active Directory actions. By default, GPOADmin uses the Primary Domain Controller.
4
Select Retention | Backups Retention to configure a retention schedule for backups. You can select to limit the backups to keep based on a specified number, age, or date. Backup retention settings apply to SQL configuration stores only.
* 
NOTE: All backups generated by the watcher service due to non-compliance are counted in the retention limit.
5
Select Retention | Deleted Object Retention to configure retention settings for deleted objects. You can choose to specify the retention to be based on a specific number of days to keep deleted objects or a date after which the object will no longer be retained. Deleted Object Retention settings apply to SQL configuration stores only.
6
Select License | Current License to view the current license information.
Select the Update License check box and then click Browse and go to the new license location.
7
Select Intune | Configuration to enable support for Intune and enter the information to connect to the required Microsoft Entra tenant. This includes the application ID, tenant ID, tenant name, certificate, and certificate password for the tenant where Intune is installed. See the GPOADmin Quick Start Guide for minimum permission requirements.
* 
NOTE: GPOADmin is unable to support Intune Setting Catalog items that contain encrypted values.
If you want to use a Microsoft Azure GCC High Intune tenant, select the U.S Government GCC High option.
8
Select Integration to configure settings that apply to a Quest Change Auditor™ integration.
If you have multiple Change Auditor coordinators installed, you can select a specific coordinator to use for reports and auditing.
If necessary, you can also select to turn off Change Auditor, by selecting Not Set.
9
For increased security and privacy, select Web Proxy to configure GPOADmin to use a web proxy server for internet communication.
* 
NOTE: Web Proxy is not supported when using Gmail for notifications.
Select to Enable Proxy.
Enter proxy server address and the username and password for authentication.
Optionally, select Bypass local addresses if you want to exclude local network traffic from being routed through the proxy. Add and remove local addresses as required.
Click OK to save the proxy settings.
10
Select Enable FIPS Mode. The Federal Information Processing Standards (FIPS) are government set guidelines and standards published by the National Institute of Standards and Technology. To run a Windows environment in FIPS compliant mode, the Microsoft Policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” must be enabled.
Select Enable FIPS mode to ensures that GPOADmin uses cryptographic algorithms that are FIPS compliant.
Select Allow self-signed certificates when communicating with Exchange servers if required.
Both these options are enabled by default.
11
When you have made all the required selections, click OK.

Editing the Version Control server configuration store

Users logged on with an account that is a member of the GPOADmin administrators group can edit the type of configuration store.

To edit the configuration store
1
Right-click the forest, and select Re-configure Version Control server.
2
In the Select a Configuration Store dialog, select SQL Server, AD LDS, or Active Directory for your configuration storage location.
* 
NOTE: Configuration Store Selection

The best practice is to use:
SQL Server for optimal performance.
AD LDS for small environments. Quest uses the following criteria to define small environments. (These are guidelines and should not be considered as an exhaustive list.)
Domains with less than 500 registered objects that run searches on a regular basis.
Less than 500 registered containers.
Containers with objects nested no more than 3 levels deep.
Active Directory for legacy deployments. It is not recommended for new installations.
* 
IMPORTANT: Ensure that you are following the minimum permissions detailed in the Quick Start guide. The listed permissions help to secure the database by limiting the access to only the required accounts.
a
If you select Active Directory, select the Domain Controller (DC) to be the Version Control server, and click Next.
Any DC in any domain of the selected forest can be specified as the primary version control server. This server can be thought of as another FSMO role in the Microsoft sense (such as Schema master, PDC Emulator, and RID master).
GPOADmin is a directory-enabled application and all its application information is stored in the configuration container of Active Directory. Because of how the information is stored, all information is automatically replicated to all other DCs. However, the primary version control server is the authoritative source for all version control actions. If it goes offline, users cannot perform actions such as check-in a desired group policy object change until the problem has been rectified.
b
If you select AD LDS, enter the NetBIOS name of the computer you are installing to and the port number in the format: server_name:port, and click Next.
For example, gpoadmin_svr: 389.
* 
NOTE: The username/port/server (but not password) will be cached, so the next time you open the console you will not need to enter this information.
c
If you select SQL Server, choose the required SQL server, enter a name for the database, select the authentication method to access the server, and click Next.
* 
NOTE:  
See the Release Notes for supported SQL Server versions.
To protect your environment from a SQL Injection attack, you can mark which SQL statement inputs are not permitted. See Editing the Version Control server properties. By default, all of the inputs are marked as not permitted. If you allow these inputs, malicious code may be inserted in a SQL statement resulting in security vulnerabilities.
When configuring GPOADmin to use an Azure SQL managed instance, you must specify the public endpoint including the port number, in the Server Name field in GPOADmin. For details on configuring a public endpoint, see Microsoft documentation.
To connect as the current user, select NT Authentication.
Select the level of encryption for the connection. When enabled, SQL Server uses TLS encryption for data sent between the client and server.
Choose between:
Strict (SQL Server 2022 and Azure SQL): Select this option for Azure SQL Database and Azure SQL Managed Instance or when the instance has Force Strict Encryption enabled.
Mandatory: Select this option when the instance has Force Encryption enabled. It can also be used when no encryption is configured for the instance, but Trust server certificate is enabled. While this method is less secure than installing a trusted certificate, it does support an encrypted connection.
Optional (Default in GPOADmin)
Enabling Trust Server Certificate, when 'Optional' or 'Mandatory' encryption is selected, or if the server enforces encryption, means that SQL Server will not validate the server certificate on the client computer when encryption is enabled for network communication between the client and server.
Under Host name in the certificate, you can provide an alternate, yet expected, Common Name (CN) or Subject Alternative Name (SAN) in the server certificate for the connection to SSMS. You would use this option when the server name does not match the CN or SAN, for example, when using DNS aliases.
Leaving this option blank allows certificate validation to confirm that the CN or SAN matches the server name.
To connect using SQL credentials, select SQL Authentication and enter the user name and password.
3
Click Next to continue.
4
Click through the rest of the Service Configuration Wizard and click Finish.

Replacing the Version Control server configuration settings

In some cases, you may want to keep the majority of the Version Control server settings the same throughout the deployment and have only select settings unique for each server.

If this is the case, you can copy the settings from an existing sever and then update where required rather than having to enter all the settings required during a reconfiguration.

To edit the Version Control configuration using another servers settings
1
Right-click the forest, and select Copy Server Configuration.
2
Select the server configuration that you want to copy and click OK.
3
Right-click the forest, and select Options to update where required.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating