If there is a difference between this content and other AGPM documentation, consider this content authoritative and assume that it supersedes the other documentation. AGPM 4. For a list of the cmdlets available in AGPM 4. If you are upgrading to AGPM 4. Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server R2, Windows Server , Windows Server R2, Windows 8. The following table describes the behavior of AGPM 4.
NET Framework 4. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Click Add , select agpm. In the AGPM Server all domains Properties window, select Enabled and type the fully-qualified computer name and port for example, server.
You also determine the alias from which these messages are sent. In the To field, type the e-mail address for the user account to which you intend to assign the Approver role. Note You can also delegate access at the GPO level rather than the domain level. In the Group Policy Management Console , click Group Policy Objects in the forest and domain in which you want to manage GPOs, click Delegation , and then configure the settings to meet the needs of your organization.
Click the user account of a Group Policy administrator, and then select the Approver check box to assign that role to the account. Clear the Editor check box. This role includes the Reviewer role. Click the user account of another Group Policy administrator, and then select the Editor check box to assign that role to the account. Click a third account and then select the Reviewer check box to assign only the Reviewer role to the account of that Group Policy administrator.
In an environment with multiple Group Policy administrators, those with the Editor role have the ability to request the creation of new GPOs, but such a request must be approved by someone with the Approver role because the creation of a new GPO impacts the production environment.
In this step, you use an account with the Editor role to request the creation of a new GPO. Using an account with the Approver role, you approve this request and complete the creation of a GPO. Click Create live so the new GPO will be deployed to the production environment immediately upon approval. The new GPO is displayed on the Pending tab.
Open the e-mail inbox for the account, and note that you have received an e-mail message from the AGPM alias with the Editor's request to create a GPO.
Click Yes to confirm approval of the creation of the GPO. The GPO is moved to the Controlled tab. You can use GPOs to configure computer or user settings and deploy them to many computers or users. For this scenario, you configure a setting in the GPO to require that the password be at least eight characters in length.
For this scenario, configure the minimum password length:. In the properties window, select the Define this policy setting check box, set the number of characters to 8 , and then click OK.
To receive a copy of the request, type your e-mail address in the Cc field. In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. After evaluating the GPO, you deploy it to the production environment and link it to a domain or an organizational unit OU so that it takes effect when Group Policy is refreshed for computers in that domain or OU.
Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO. On the Contents tab in the details pane, click the Pending tab. In the History window, click the GPO version with the most recent timestamp. Click the Differences button. Click Yes. The GPO is deployed to the production environment. In this step, you use an account with the Editor role to create a template—an uneditable, static version of a GPO for use as a starting point for creating new GPOs—and then create a new GPO based upon that template.
Templates are useful for quickly creating multiple GPOs that include many of the same settings. On the Contents tab in the details pane, click the Controlled tab. Type MyTemplate as the name for the template and a comment, and then click OK. The new template appears on the Templates tab.
Click Create live , so the new GPO will be deployed to the production environment immediately upon approval. In the properties window, check Define this policy setting , set the duration to 30 minutes, and then click OK. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver. Click Delete GPO from archive and production to delete both the version in the archive as well as the deployed version of the GPO in the production environment.
0コメント