Group Policy Central

AGPM Part 7: How to makes changes to existing uncontrolled GPO’s in AGPM

14/06/2010, 8:27 pm

This post is part of a series of posts about Advanced Group Policy Management. If you want to see the other post in this series you can use the links below:

Introduction to Advanced Group Policy Management (a.k.a AGPM) v4
How to install the Advanced Group Policy Management Client v4
How to install the Advanced Group Policy Management (AGPM) Server v4
How to configure the AGPM client via Group Policy to automatically connect to the AGPM server
Delegating permission to Review/Edit GPO’s in AGPM
How to create make changes to Group Policy Objects in AGPM
How to makes changes to existing uncontrolled GPO’s in AGPM

Editing existing uncontrolled GPO’s in AGPM

If you are deploying AGPM into an existing environment (and you probably are) then you will probably want to editing you existing GPO’s. Any GPO that is not managed by AGPM is called an “Uncontrolled” GPO and as such will not be touched until it is specifically made into a “Controlled” policy.

Step 1. Logon as Alan to a computer that has GPMC and the AGPM client

Step 2. Open GPMC and click on Change Control and then then Uncontrolled tab then right click on the GPO you want to “Control” and then click on Control…

Step 3. Add a comment to the GPO as its initial comment then click OK

This Group Policy is now “controlled”

Hopefully this has series given you enough of an introduction to AGPM to get it installed and start to perform basic changes and approvals to GPO setting …

If you want more information on Advanced Group Policy Management then here is a list of link to pages I have found useful:

Microsoft MDOP Blog
TechNet: Overview of Advanced Group Policy Management
TechNet: A Video tour of Advanced Group Policy Management
TechNet: Technical Overview of AGPM
TechNet: What’s New in AGPM

TechNet: Choosing Which Version of AGPM to Install
TechNet: Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0
TechNet: Operation Guide for Microsoft Advanced Group Policy Management 4.0
Group Policy Blog: Importing and Exporting with AGPM

Tags: Advanced Group Policy Management, AGPM, Intermediate
Category: Tutorials | 7 Comments

AGPM Part 6: How to create make changes to Group Policy Objects in AGPM

14/06/2010, 8:24 pm

This post is part of a series of posts about Advanced Group Policy Management. If you want to see the other post in this series you can use the links below:

Creating and Editing GPO’s in AGPM

Now you are going to logon as John and create a fresh new Controlled GPO to have it then approved by Alan.

Step 1. Logon as John to a computer that has GPMC and the AGPM client

Step 2. Open GPMC and right click on Change Control and then click on New Controlled GPO…

Step 3. Fill in the submission field so that an email will be sent to the AGPM administrator to review the New Controlled GPO Request then click Submit

Step 4. Click Close

Note: In this example I don’t have a mail serve configured so the sending the of the email failed.

Step 5. Click on the Pending Tab. You can now see the Pending request waiting for approval.

Now we will approve the New Controlled GPO request.

Step 6. Logon as Alan to a computer that has GPMC and the AGPM client

Step 7. Open GPMC and right click on Change Control then click on the Pending tab and the right click on the pending request and click on Approve…

Step 8. Add a comment before you confirm the Approval action then click Yes

Step 9. Wait for it to Approve and then click Close

Note: It is this stage that Alan can link the GPO manually to the Organisational Unit (OU).

NEXT > How to makes changes to existing uncontrolled GPO’s in AGPM

Tags: Advanced Group Policy Management, AGPM, Intermediate
Category: Tutorials | 6 Comments

AGPM Part 5: Delegating permission to Review/Edit GPO’s in AGPM

14/06/2010, 8:23 pm

This post is part of a series of posts about Advanced Group Policy Management. If you want to see the other post in this series you can use the links below:

Delegating permission in AGPM

This section show you how to delegate permission to a user to either review or edit group policy object via AGPM.

Step 1. Open GPMC on a computer that you have installed the AGPM client on.

Step 2. Navigate and click on Change Control option and then the Domain Delegation tab then click Add

Step 3. Select the user John and then select the Editor from the role field then click OK

John now has Reviewer/Edit access to AGPM (that was easy!).

NEXT > How to create make changes to Group Policy Objects in AGPM

Tags: Advanced Group Policy Management, AGPM, Intermediate
Category: Tutorials | 5 Comments

AGPM Part 4: How to configure the AGPM client via Group Policy to automatically connect to the AGPM server

14/06/2010, 8:22 pm

This post is part of a series of posts about Advanced Group Policy Management. If you want to see the other post in this series you can use the links below:

Introduction to Advanced Group Policy Management (a.k.a AGPM) v4
How to install the Advanced Group Policy Management Client v4
How to install the Advanced Group Policy Management (AGPM) Server v4
How to configure the AGPM client via Group Policy to automatically connect to the AGPM server
Delegating permission to Review/Edit GPO’s in AGPM
How to create make changes to Group Policy Objects in AGPM
How to makes changes to existing uncontrolled GPO’s in AGPM

Configuring the AGPM Client

This section describes the process of how to automatically connect AGPM client to the AGPM server you have in your forest. If you do not perform this option step then each person that uses the AGPM will need to manually configure the Client to the correct AGPM server.

Step 1. Edit the Default Domain Policy using the Group Policy Management Editor (GPME) and navigate to Users Configuration > Policies > Administrative Templates > Windows Components > AGPM then edit the AGPM: Specify default AGPM Server (all domains)

Step 2. Tick Enable and then type the name/IP address then :Port number of the AGPM Server in the text field then click OK

(Hopefully this is the last non-managed GPO change you ever make again)

NEXT > Delegating permission to Review/Edit GPO’s in AGPM

Tags: Advanced Group Policy Management, AGPM, Intermediate
Category: Tutorials | 6 Comments

AGPM Part 3: How to install Advanced Group Policy Management Server v4

14/06/2010, 8:21 pm

This post is part of a series of posts about Advanced Group Policy Management. If you want to see the other post in this series you can use the links below:

Introduction to Advanced Group Policy Management (a.k.a AGPM) v4
How to install the Advanced Group Policy Management Client v4
How to install the Advanced Group Policy Management (AGPM) Server v4
How to configure the AGPM client via Group Policy to automatically connect to the AGPM server
Delegating permission to Review/Edit GPO’s in AGPM
How to create make changes to Group Policy Objects in AGPM
How to makes changes to existing uncontrolled GPO’s in AGPM

Installing the AGPM Server

The Advanced Group Policy Management Server is the central server that keeps track and makes changes to all the Group Policy Objects in the forest.

Step 1. Start the Advanced Group Policy Management and select the “– Server install.” option.

Step 2. Click Next

Step 3. Tick I accept license terms and then click Next

Step 4. Confirm the Application path and click Next

Step 6. Confirm the Archive Path and click Next

Step 7. Enter the AGPM Service Account details. This account needs to have full access to all GPO that you want to manage using AGPM then click Next

Step 8. Enter the Archive Owner account (e.g. Contoso\Alan ) this account is the first Full Control administrator in AGPM that is used to delegate permission to other users then click Next