How To Add Group Policy In Windows 2008 R2

Skip to master content

Step-by-Step Guide for Microsoft Advanced Group Policy Direction 4.0

• Commodity
• 08/23/2021
• 25 minutes to read

Is this page helpful?

Feedback will be sent to Microsoft: By pressing the submit push, your feedback volition be used to improve Microsoft products and services. Privacy policy.

In this article

This stride-by-step guide demonstrates avant-garde techniques for Group Policy management that utilise the Grouping Policy Management Panel (GPMC) and Microsoft Avant-garde Group Policy Management (AGPM). AGPM increases the capabilities of the GPMC, providing:

• Standard roles for delegating permissions to manage Group Policy Objects (GPOs) to multiple Group Policy administrators, in improver to the power to delegate access to GPOs in the product environment.

• An archive to enable Group Policy administrators to create and change GPOs offline before the GPOs are deployed into a production environment.

• The power to roll back to any before version of a GPO in the archive and to limit the number of versions stored in the archive.

• Check-in and check-out capability for GPOs to make sure that Group Policy administrators practice non unintentionally overwrite each other's work.

• The ability to search for GPOs with specific attributes and to filter the list of GPOs displayed.

AGPM scenario overview

For this scenario, you will use a separate user business relationship for each office in AGPM to demonstrate how Group Policy can be managed in an environs that has multiple Group Policy administrators who accept different levels of permissions. Specifically, you will perform the post-obit tasks:

• Using an business relationship that is a member of the Domain Admins group, install AGPM Server and assign the AGPM Administrator function to an business relationship or group.

• Using accounts to which y'all will assign AGPM roles, install AGPM Client.

• Using an account that has the AGPM Administrator office, configure AGPM and delegate admission to GPOs by assigning roles to other accounts.

• From an business relationship that has the Editor role, asking that a new GPO be created that you then approve by using an business relationship that has the Approver part. Use the Editor account to check the GPO out of the archive, edit the GPO, cheque the GPO into the archive, and then request deployment.

• Using an business relationship that has the Approver role, review the GPO and deploy it to your production environment.

• Using an account that has the Editor part, create a GPO template and utilize it every bit a starting point to create a new GPO.

• Using an business relationship that has the Approver role, delete and restore a GPO.

Requirements

Computers on which you want to install AGPM must run across the post-obit requirements, and you must create accounts for use in this scenario.

Notation   If you accept AGPM 2.v installed and are upgrading from Windows Server® 2003 to Windows Server 2008 R2 or Windows Server 2008, or are upgrading from Windows Vista with no service packs installed to Windows seven or Windows Vista® with Service Pack ane (SP1), you lot must upgrade the operating system before you can upgrade to AGPM four.0.

If you have AGPM 3.0 installed, y'all exercise non have to upgrade the operating system before you upgrade to AGPM 4.0

In a mixed surround that includes both newer and older operating systems, in that location are some limitations to functionality, every bit indicated in the following tabular array.

Operating organization on which AGPM Server four.0 runs	Operating system on which AGPM Client iv.0 runs	Status of AGPM 4.0 back up
Windows Server 2008 R2 or Windows 7	Windows Server 2008 R2 or Windows 7	Supported
Windows Server 2008 R2 or Windows seven	Windows Server 2008 or Windows Vista with SP1	Supported, simply cannot edit policy settings or preference items that exist merely in Windows Server 2008 R2 or Windows 7
Windows Server 2008 or Windows Vista with SP1	Windows Server 2008 R2 or Windows 7	Unsupported
Windows Server 2008 or Windows Vista with SP1	Windows Server 2008 or Windows Vista with SP1	Supported, but cannot study or edit policy settings or preference items that exist but in Windows Server 2008 R2 or Windows 7

AGPM Server requirements

AGPM Server iv.0 requires Windows Server 2008 R2, Windows Server 2008, Windows seven and the GPMC from Remote Server Administration Tools (RSAT), or Windows Vista with SP1 and the GPMC from RSAT installed. Both 32-chip and 64-scrap versions are supported.

Before you install AGPM Server, you must exist a fellow member of the Domain Admins group and the following Windows features must exist present unless otherwise noted:

• GPMC

  • Windows Server 2008 R2 or Windows Server 2008: If the GPMC is non present, it is automatically installed by AGPM.

  • Windows 7: Y'all must install the GPMC from RSAT earlier you install AGPM. For more information, see Remote Server Administration Tools for Windows vii (https://go.microsoft.com/fwlink/?LinkID=131280).

  • Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more data, see Remote Server Administration Tools for Windows Vista with Service Pack 1 (https://get.microsoft.com/fwlink/?LinkID=116179).

• The .Cyberspace Framework 3.5 or later versions

  • Windows Server 2008 R2 or Windows seven: If the .NET Framework 3.v or afterwards version is non present, the .NET Framework 3.5 is automatically installed by AGPM.

  • Windows Server 2008 or Windows Vista with SP1: You must install the .NET Framework 3.five or a later version before y'all install AGPM.

The following Windows features are required by AGPM Server and will be automatically installed if they are not present:

• WCF Activation; Not-HTTP Activation

• Windows Process Activation Service

  • Process Model

  • The .Net Environment

  • Configuration APIs

AGPM Client requirements

AGPM Client 4.0 requires Windows Server 2008 R2, Windows Server 2008, Windows 7 and the GPMC from RSAT, or Windows Vista with SP1 and the GPMC from RSAT installed. Both 32-bit and 64-bit versions are supported. AGPM Client tin can be installed on a computer that is running AGPM Server.

The following Windows features are required by AGPM Client and unless otherwise noted are automatically installed if they are not present:

• GPMC

  • Windows Server 2008 R2 or Windows Server 2008: If the GPMC is non present, it is automatically installed by AGPM.

  • Windows seven: Y'all must install the GPMC from RSAT before you install AGPM. For more than data, see Remote Server Administration Tools for Windows 7 (https://go.microsoft.com/fwlink/?LinkID=131280).

  • Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see Remote Server Administration Tools for Windows Vista with Service Pack 1 (https://go.microsoft.com/fwlink/?LinkID=116179).

• The .NET Framework three.0 or later version

  • Windows Server 2008 R2 or Windows 7: If the .Cyberspace Framework 3.0 or later version is not nowadays, the .Cyberspace Framework 3.5 is automatically installed past AGPM.

  • Windows Server 2008 or Windows Vista with SP1: If the .NET Framework 3.0 or later version is not present, the .NET Framework 3.0 is automatically installed by AGPM.

Scenario requirements

Before you begin this scenario, create four user accounts. During the scenario, you will assign 1 of the following AGPM roles to each of these accounts: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. These accounts must exist able to send and receive e-mail letters. Assign Link GPOs permission to the accounts that have the AGPM Administrator, Approver, and (optionally) Editor roles.

Annotation Link GPOs permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign Link GPOs permission to boosted users or groups (such equally accounts that have the roles of AGPM Administrator or Approver), click the node for the domain and then click the Delegation tab, select Link GPOs, click Add, and select users or groups to which yous want to assign the permission.

Steps for installing and configuring AGPM

You must complete the post-obit steps to install and configure AGPM.

Step 1: Install AGPM Server

Step two: Install AGPM Client

Step 3: Configure an AGPM Server connexion

Stride four: Configure electronic mail notification

Step v: Delegate access

Step 1: Install AGPM Server

In this pace, yous install AGPM Server on the member server or domain controller that volition run the AGPM Service, and y'all configure the archive. All AGPM operations are managed through this Windows service and are executed with the service's credentials. The annal managed by an AGPM Server can exist hosted on that server or on another server in the same forest.

To install AGPM Server on the computer that will host the AGPM Service

1. Log on with an account that is a member of the Domain Admins group.

2. Commencement the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select Advanced Group Policy Direction - Server.

3. In the Welcome dialog box, click Next.

4. In the Microsoft Software License Terms dialog box, accept the terms then click Next.

5. In the Application Path dialog box, select a location in which to install AGPM Server. The calculator on which AGPM Server is installed will host the AGPM Service and manage the archive. Click Next.

6. In the Archive Path dialog box, select a location for the annal in relation to the AGPM Server. The archive path can signal to a folder on the AGPM Server or elsewhere. However, you should select a location with sufficient space to store all GPOs and history data managed past this AGPM Server. Click Next.

7. In the AGPM Service Account dialog box, select a service account under which the AGPM Service volition run and then click Next.

   This account must exist a member of the either the Domain Admins group or, for a least-privilege configuration, the post-obit groups in each domain managed by the AGPM Server:

   • Group Policy Creator Owners

   • Backup Operators

   Additionally, this account requires Full Control permission for the post-obit folders:

   • The AGPM archive folder, for which this permission is automatically granted during the installation of AGPM Server if information technology is installed on a local drive.

   • The local system temp folder, typically %windir%\temp.

8. In the Archive Owner dialog box, select an account or group to which you lot assign the AGPM Ambassador (Full Command) role. AGPM Administrators can assign AGPM roles and permissions to other Group Policy administrators, so that later you can assign the part of AGPM Ambassador to additional Grouping Policy administrators. For this scenario, select the business relationship to serve in the AGPM Administrator part. Click Adjacent.

9. In the Port Configuration dialog box, type a port on which the AGPM Service should listen. Practice not clear the Add port exception to firewall check box unless you lot manually configure port exceptions or use rules to configure port exceptions. Click Next.

10. In the Languages dialog box, select one or more than display languages to install for AGPM Server.

11. Click Install, and so click Finish to exit the Setup Sorcerer.

    Circumspection   Do non modify settings for the AGPM Service through Administrative Tools and Services in the operating organization. Doing this can prevent the AGPM Service from starting. For information about how to change settings for the service, see Help for Advanced Group Policy Management.

Step 2: Install AGPM Customer

Each Group Policy administrator—anyone who creates, edits, deploys, reviews, or deletes GPOs—must have AGPM Client installed on computers that they use to manage GPOs. The Modify Command node, which yous use to perform many of the GPO management tasks, appears in the Group Policy Management Panel only if you install the AGPM Client. For this scenario, you install AGPM Client on at to the lowest degree 1 calculator. You do not need to install AGPM Customer on the computers of terminate users who practice not perform Group Policy assistants.

To install AGPM Customer on the computer of a Grouping Policy ambassador

1. Showtime the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select Avant-garde Grouping Policy Direction - Client.

2. In the Welcome dialog box, click Next.

3. In the Microsoft Software License Terms dialog box, accept the terms and and so click Next.

4. In the Application Path dialog box, select a location in which to install AGPM Customer. Click Side by side.

5. In the AGPM Server dialog box, type the DNS name or IP address for the AGPM Server and the port to which yous want to connect. The default port for the AGPM Service is 4600. Do not clear the Let Microsoft Management Console through the firewall check box unless yous manually configure port exceptions or use rules to configure port exceptions. Click Adjacent.

6. In the Languages dialog box, select ane or more display languages to install for AGPM Client.

7. Click Install, and so click Stop to exit the Setup Sorcerer.

Step three: Configure an AGPM Server connection

AGPM stores all versions of each controlled Group Policy Object (GPO), that is, each GPO for which AGPM provides change control, in a central annal. This lets Group Policy administrators view and modify GPOs offline without immediately affecting the deployed version of each GPO.

In this footstep, you configure an AGPM Server connectedness and ensure that all Group Policy administrators connect to the same AGPM Server. (For information about how to configure multiple AGPM Servers, meet Assistance for Advanced Group Policy Management.)

To configure an AGPM Server connection for all Group Policy administrators

1. On a computer on which you have installed AGPM Customer, log on with the user account that you selected as the Archive Owner. This user has the role of AGPM Administrator (Full Control).

2. Click Start, signal to Administrative Tools, and and then click Grouping Policy Management to open the GPMC.

3. Edit a GPO that is practical to all Grouping Policy administrators.

4. In the Group Policy Direction Editor window, double-click User Configuration, Policies, Administrative Templates, Windows Components, and AGPM.

5. In the details pane, double-click AGPM: Specify default AGPM Server (all domains).

6. In the Properties window, select Enabled and blazon the DNS name or IP address and port (for example, server.contoso.com:4600) for the server hosting the archive. Past default, the AGPM Service uses port 4600.

7. Click OK, and so shut the Grouping Policy Management Editor window. When Group Policy is updated, the AGPM Server connection is configured for each Group Policy ambassador.

Step 4: Configure electronic mail notification

As an AGPM Administrator (Full Command), yous designate the east-mail addresses of Approvers and AGPM Administrators to whom an e-postal service message that contains a asking is sent when an Editor tries to create, deploy, or delete a GPO. You lot too determine the alias from which these letters are sent.

To configure eastward-mail notification for AGPM

1. In Grouping Policy Management Editor , navigate to the Change Command folder

2. In the details pane, click the Domain Delegation tab.

3. In the From email address field, type the east-mail alias for AGPM from which notifications should be sent.

4. In the To e-postal service address field, blazon the e-postal service address for the user account to which you intend to assign the Approver office.

5. In the SMTP server field, blazon a valid SMTP mail server.

6. In the User name and Countersign fields, blazon the credentials of a user who has access to the SMTP service. Click Apply.

Pace five: Consul access

As an AGPM Administrator (Full Control), you delegate domain-level admission to GPOs, assigning roles to the account of each Group Policy administrator.

Note   Y'all tin also delegate access at the GPO level instead of the domain level. For more data, meet Help for Advanced Group Policy Direction.

Important   You should restrict membership in the Group Policy Creator Owners group so that information technology cannot be used to circumvent AGPM management of access to GPOs. (In the Group Policy Management Console, click Grouping Policy Objects in the forest and domain in which yous desire to manage GPOs, click Delegation, and so configure the settings to see the needs of your organisation.)

To consul admission to all GPOs throughout a domain

1. On the Domain Delegation tab, click the Add push, select the user account of the Group Policy administrator to serve as Approver, and and so click OK.

2. In the Add Group or User dialog box, select the Approver function to assign that function to the account, and so click OK. (This role includes the Reviewer role.)

3. Click the Add together button, select the user account of the Grouping Policy administrator to serve as Editor, and then click OK.

4. In the Add Group or User dialog box, select the Editor role to assign that role to the business relationship, and so click OK. (This office includes the Reviewer role.)

5. Click the Add button, select the user account of the Group Policy administrator to serve as Reviewer, then click OK.

6. In the Add Group or User dialog box, select the Reviewer role to assign only that office to the business relationship.

Steps for managing GPOs

Y'all must complete the following steps to create, edit, review, and deploy GPOs by using AGPM. Additionally, you lot volition create a template, delete a GPO, and restore a deleted GPO.

Step 1: Create a GPO

Stride ii: Edit a GPO

Step 3: Review and deploy a GPO

Stride 4: Use a template to create a GPO

Pace five: Delete and restore a GPO

Stride 1: Create a GPO

In an environment that has multiple Group Policy administrators, those with the Editor role tin can request that new GPOs exist created. However, that asking must be approved by someone with the Approver office.

In this step, you use an account that has the Editor role to request that a new GPO be created. Using an account that has the Approver function, you approve this request to create the GPO.

To asking that a new GPO exist created and managed through AGPM

1. On a computer on which y'all have installed AGPM Client, log on with a user account that is assigned the Editor role in AGPM.

2. In the Group Policy Management Console tree, click Change Control in the forest and domain in which you desire to manage GPOs.

3. Right-click the Modify Control node, and and then click New Controlled GPO.

4. In the New Controlled GPO dialog box:

   1. To receive a copy of the request, type your electronic mail accost in the Cc field.

   2. Type MyGPO as the name for the new GPO.

   3. Type a comment for the new GPO.

   4. Click Create alive so that the new GPO volition be deployed to the production surround immediately upon approval. Click Submit.

5. When the AGPM Progress window indicates that overall progress is complete, click Close. The new GPO is displayed on the Awaiting tab.

To corroborate the awaiting request to create a GPO

1. On a computer on which y'all have installed AGPM Customer, log on with a user account that has the part of Approver in AGPM.

2. Open the e-mail inbox for the account, and notice that you have received an email message from the AGPM alias with the Editor's request to create a GPO.

3. In the Group Policy Direction Panel tree, click Change Control in the forest and domain in which you want to manage GPOs.

4. On the Contents tab, click the Pending tab to display the pending GPOs.

5. Right-click MyGPO, and so click Approve.

6. Click Yeah to ostend approval and move the GPO to the Controlled tab.

Step 2: Edit a GPO

You can apply GPOs to configure computer or user settings and deploy them to many computers or users. In this pace, you utilize an account that has the Editor role to check out a GPO from the archive, edit the GPO offline, bank check the edited GPO into the archive, and request deployment of the GPO to the product environment. For this scenario, y'all configure a setting in the GPO to require that the password be at least eight characters long.

To check the GPO out from the archive for editing

1. On a calculator on which y'all have installed AGPM Client, log on with a user business relationship that has the function of Editor in AGPM.

2. In the Group Policy Management Console tree, click Change Control in the forest and domain in which you want to manage GPOs.

3. On the Contents tab in the details pane, click the Controlled tab to display the controlled GPOs.

4. Correct-click MyGPO, and and then click Check Out.

5. Type a annotate to be displayed in the history of the GPO while information technology is checked out, and then click OK.

6. When the AGPM Progress window indicates that overall progress is complete, click Close. On the Controlled tab, the state of the GPO is identified as Checked Out.

To edit the GPO offline and configure the minimum password length

1. On the Controlled tab, right-click MyGPO, and then click Edit to open the Group Policy Management Editor window and change an offline copy of the GPO. For this scenario, configure the minimum countersign length:

   1. Under Computer Configuration, double-click Policies, Windows Settings, Security Settings, Business relationship Policies, and Password Policy.

   2. In the details pane, double-click Minimum countersign length.

   3. In the properties window, select the Define this policy setting bank check box, gear up the number of characters to 8, then click OK.

2. Close the Group Policy Management Editor window.

To bank check the GPO into the archive

1. On the Controlled tab, right-click MyGPO and then click Cheque In.

2. Type a comment, and then click OK.

3. When the AGPM Progress window indicates that overall progress is complete, click Close. On the Controlled tab, the state of the GPO is identified every bit Checked In.

To request the deployment of the GPO to the production surroundings

1. On the Controlled tab, right-click MyGPO and and then click Deploy.

2. Because this business relationship is not an Approver or AGPM Ambassador, you must submit a request for deployment. To receive a copy of the request, type your email address in the Cc field. Type a comment to be displayed in the history of the GPO, and and so click Submit.

3. When the AGPM Progress window indicates that overall progress is complete, click Close. MyGPO is displayed on the list of GPOs on the Pending tab.

Step three: Review and deploy a GPO

In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. Subsequently you evaluate the GPO, yous deploy it to the production environs and link the GPO to a domain or an organizational unit (OU). The GPO takes effect when Grouping Policy is refreshed for computers in that domain or OU.

To review settings in the GPO

1. On a computer on which yous accept installed AGPM Client, log on with a user account that is assigned the role of Approver in AGPM. Whatsoever Group Policy administrator with the Reviewer office, which is included in all of the other roles, tin review the settings in a GPO.

2. Open the email inbox for the account and notice that you lot have received an e-post message from the AGPM alias with an Editor's request to deploy a GPO.

3. In the Group Policy Management Panel tree, click Change Control in the woods and domain in which you want to manage GPOs.

4. On the Contents tab in the details pane, click the Awaiting tab.

5. Double-click MyGPO to brandish its history.

6. Review the settings in the almost recent version of MyGPO:

   1. In the History window, right-click the GPO version with the most contempo time postage, click Settings, and and then click HTML Report to display a summary of the GPO's settings.

   2. In the Web browser, click show all to brandish all the settings in the GPO. Close the browser.

7. Compare the most recent version of MyGPO to the first version checked in to the archive:

   1. In the History window, click the GPO version with the most contempo time postage. Press CTRL then click the oldest GPO version for which the Computer Version is not \*.

   2. Click the Differences push. The Account Policies/Countersign Policy department is highlighted in greenish and preceded by [+]. This indicates that the setting is configured only in the latter version of the GPO.

   3. Click Account Policies/Password Policy. The Minimum password length setting is likewise highlighted in greenish and preceded by [+], indicating that information technology is configured only in the latter version of the GPO.

   4. Close the Spider web browser.

To deploy the GPO to the production environment

1. On the Awaiting tab, right-click MyGPO and then click Approve.

2. Type a comment to include in the history of the GPO.

3. Click Yeah. When the AGPM Progress window indicates that overall progress is complete, click Shut. The GPO is deployed to the production environment.

To link the GPO to a domain or organizational unit of measurement

1. In the GPMC, right-click either the domain or an organizational unit (OU) to which you want to apply the GPO that you configured, and and then click Link an Existing GPO.

2. In the Select GPO dialog box, click MyGPO, and so click OK.

Stride 4: Use a template to create a GPO

In this step, yous use an account that has the Editor role to create and utilize a template. That template is a static version of a GPO for use every bit a starting betoken for creating new GPOs. Although you cannot edit a template, you lot can create a new GPO based on a template. Templates are useful for quickly creating multiple GPOs that include many of the aforementioned policy settings.

To create a template based on an existing GPO

1. On a reckoner on which you take installed AGPM Client, log on with a user account that is assigned the role of Editor in AGPM.

2. In the Group Policy Management Console tree, click Change Command in the forest and domain in which yous want to manage GPOs.

3. On the Contents tab in the details pane, click the Controlled tab.

4. Correct-click MyGPO, and then click Salvage equally Template to create a template incorporating all settings currently in MyGPO.

5. Blazon MyTemplate equally the proper noun for the template and a comment, and and so click OK.

6. When the AGPM Progress window indicates that overall progress is complete, click Close. The new template appears on the Templates tab.

To asking that a new GPO be created and managed through AGPM

1. Click the Controlled tab.

2. Right-click the Change Command node, and and so click New Controlled GPO.

3. In the New Controlled GPO dialog box:

   1. To receive a copy of the asking, type your e-mail accost in the Cc field.

   2. Blazon MyOtherGPO every bit the proper noun for the new GPO.

   3. Type a comment for the new GPO.

   4. Click Create live and so that the new GPO will be deployed to the production environment immediately upon approval.

   5. For From GPO template, select MyTemplate. Click Submit.

4. When the AGPM Progress window indicates that overall progress is complete, click Close. The new GPO is displayed on the Awaiting tab.

Use an account that is assigned the role of Approver to approve the pending request to create the GPO as you did in Step 1: Create a GPO. MyTemplate incorporates all the settings that y'all configured in MyGPO. Because MyOtherGPO was created using MyTemplate, information technology at first contains all the settings that MyGPO contained at the time that MyTemplate was created. You lot tin can confirm this by generating a departure report to compare MyOtherGPO to MyTemplate.

To check the GPO out from the annal for editing

1. On a estimator on which y'all have installed AGPM Client, log on with a user account that is assigned the office of Editor in AGPM.

2. Right-click MyOtherGPO, and then click Check Out.

3. Type a comment to exist displayed in the history of the GPO while information technology is checked out, and then click OK.

4. When the AGPM Progress window indicates that overall progress is complete, click Close. On the Controlled tab, the state of the GPO is identified as Checked Out.

To edit the GPO offline and configure the account lockout duration

1. On the Controlled tab, right-click MyOtherGPO, and and so click Edit to open the Group Policy Management Editor window and change an offline re-create of the GPO. For this scenario, configure the minimum password length:

   1. Under Computer Configuration, double-click Policies, Windows Settings, Security Settings, Account Policies, and Account Lockout Policy.

   2. In the details pane, double-click Account lockout duration.

   3. In the properties window, cheque Ascertain this policy setting, gear up the duration to 30 minutes, and then click OK.

2. Close the Group Policy Management Editor window.

Cheque MyOtherGPO into the annal and request deployment every bit you did for MyGPO in Pace ii: Edit a GPO. You tin compare MyOtherGPO to MyGPO or to MyTemplate by using deviation reports. Any business relationship that includes the Reviewer part (AGPM Administrator [Full Control], Approver, Editor, or Reviewer) can generate reports.

To compare a GPO to some other GPO and to a template

1. To compare MyGPO and MyOtherGPO:

   1. On the Controlled tab, click MyGPO. Press CTRL and and then click MyOtherGPO.

   2. Right-click MyOtherGPO, signal to Differences, and and then click HTML Written report.

2. To compare MyOtherGPO and MyTemplate:

   1. On the Controlled tab, click MyOtherGPO.

   2. Right-click MyOtherGPO, point to Differences, and so click Template.

   3. Select MyTemplate and HTML Report, and then click OK.

Step v: Delete and restore a GPO

In this step, you human action every bit an Approver to delete a GPO.

To delete a GPO

1. On a computer on which yous have installed AGPM Client, log on with a user account that is assigned the role of Approver.

2. In the Group Policy Management Console tree, click Change Command in the forest and domain in which you lot want to manage GPOs.

3. On the Contents tab, click the Controlled tab to display the controlled GPOs.

4. Right-click MyGPO, and and so click Delete. Click Delete GPO from archive and product to delete both the version in the annal and the deployed version of the GPO in the production environment.

5. Type a comment to exist displayed in the inspect trail for the GPO, and then click OK.

6. When the AGPM Progress window indicates that overall progress is complete, click Close. The GPO is removed from the Controlled tab and is displayed on the Recycle Bin tab, where it can exist restored or destroyed.

Occasionally yous may find subsequently you lot delete a GPO that it is however needed. In this step, you act as an Approver to restore a GPO that was deleted.

To restore a deleted GPO

1. On the Contents tab, click the Recycle Bin tab to display deleted GPOs.

2. Right-click MyGPO, and then click Restore.

3. Type a annotate to be displayed in the history of the GPO, and so click OK.

4. When the AGPM Progress window indicates that overall progress is complete, click Shut. The GPO is removed from the Recycle Bin tab and is displayed on the Controlled tab.

   Note   Restoring a GPO to the annal does not automatically redeploy information technology to the production environs. To return the GPO to the production environment, deploy the GPO as in Step 3: Review and deploy a GPO.

After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, yous deed as an Approver to whorl back to an earlier version of the GPO. You can roll back to whatever version in the history of the GPO. You lot can utilize comments and labels to identify known skillful versions and when specific changes were made.

To roll dorsum to an earlier version of a GPO

1. On the Contents tab, click the Controlled tab to display the controlled GPOs.

2. Double-click MyGPO to display its history.

3. Right-click the version to be deployed, click Deploy, and and so click Yes.

4. When the Progress window indicates that overall progress is complete, click Close. In the History window, click Close.

   Note   To verify that the version that was redeployed is the version intended, examine a deviation report for the two versions. In the History window for the GPO, select the two versions, correct-click them, point to Difference, and and so click either HTML Report or XML Report.

Feedback

Submit and view feedback for

Source: https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40

Posted by: meadowdoetianighim.blogspot.com

Share this post