立即与支持人员聊天
与支持团队交流

GPOADmin 5.19 - User Guide

Introducing Quest GPOADmin Configuring GPOADmin Using GPOADmin
Connecting to the Version Control system Navigating the GPOADmin console Search folders Accessing the GPMC extension Configuring user preferences Working with the live environment Working with controlled objects (version control root)
Creating a custom container hierarchy Selecting security, levels of approval, and notification options Viewing the differences between objects Copying/pasting objects Proposing the creation of controlled objects Merging GPOs Restoring an object to a previous version Restoring links to a previous version Managing your links with search and replace Linking GPOs to multiple Scopes of Management Managing compliance issues automatically with remediation rules Validating GPOs Managing GPO revisions with lineage Setting the change window for specific actions Working with registered objects Working with available objects Working with checked out objects Working with objects pending approval and deployment
Checking compliance Editing objects Synchronizing GPOs Exporting and importing
Creating Reports Appendix: Windows PowerShell Commands Appendix: GPOADmin Event Log Appendix: GPOADmin Backup and Recovery Procedures Appendix: Customizing your workflow Appendix: GPOADmin Silent Installation Commands Appendix: Configuring Gmail for Notifications Appendix: Registering GPOADmin for Office 365 Exchange Online Appendix: GPOADmin with SQL Replication About Us

Validating GPOs

To ensure that the GPOs within your system are still required, you can setup an attestation process. If a GPO has not been deployed within the specified date range, an email will be sent to the account designated as its manager to attest to its validity. This option is supported for SQL and AD / AD LDS as a configuration store and all backup stores.

Administrators can also attest to the validity of a GPO without having to re-deploy it. An email, which includes a Settings report, is sent when the GPO is attested or when the attestation date has expired.

2
Select the Attestation tab.
3
Select Enable Attestation.
You can right-click and select Insert Tag to use any of the following pre-defined tags: Action, Comment, Domain Name, Full Path, ID, Last Backup ID, Name, Status, Sub status, Trustee Name, Trustee SID, Type, Version, Version Control ID, Last Deployed On. (See Predefined Tags for tag details.)
6
NOTE: If you have GPOs that you do not want to validate, you can select to Override Inherited Attesatation and click to clear the Enable Attestation option.

Managing GPO revisions with lineage

If required, you can manage GPO revisions through lineage by selecting a specific GPO to revert to when a rollback is performed. When this is configured, every SOM linked to the GPO will be updated the lineage GPO.

2
Select the Lineage tab and choose Enable Lineage.
4
Click OK. Once this is set, a GPO rollback will unlink the GPO and re-link with the assigned lineage GPO.

Setting the change window for specific actions

If required, administrators can restrict specific actions during a specified day and time. For example, if a user checks out an object during the time period where changes are not permitted, all the management options will be unavailable.

2
Select the Change Window tab.
If you are an administrator with the appropriate right, the Override parent settings option is enabled so that you can set the change window.
3
Select the Time Setting tab to set time frames individually (or select and drag to highlight the required time frame) and choose Denied or Allowed as required. Allowed hours display in blue, and denied hours display in white.
4
Select the Actions List tab to select the actions to associate with this change window.
5
Click Apply to apply the settings and close the dialog.

Working with registered objects

Regardless of the status of the registered GPO, starter GPOS, scripts, DSC scripts, WMI filter, domain, site, or OU (Available, Checked Out, Pending Approval, and Pending Deployment), you can perform the following tasks if you have the appropriate role:

Cloaking a GPO (applies to available GPOs only)
Locking a GPO (applies to available GPOs only)
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级