Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

This step-by-step guide demonstrates advanced techniques for Group Policy management that
use the Group Policy Management Console (GPMC) and Microsoft Advanced Group Policy
Management (AGPM). AGPM increases the capabilities of the GPMC, providing:

• Standard roles for delegating permissions to manage Group Policy objects (GPOs) to
  multiple Group Policy administrators, in addition to the ability to delegate access to GPOs in
  the production environment.
• An archive to enable Group Policy administrators to create and modify GPOs offline before
  the GPOs are deployed into a production environment.
• The ability to roll back to any earlier version of a GPO in the archive and to limit the number
  of versions stored in the archive.
• Check-in and check-out capability for GPOs to make sure that Group Policy administrators do
  not unintentionally overwrite each other's work.
• The ability to search for GPOs with specific attributes and to filter the list of GPOs displayed.

AGPM scenario overview

For this scenario, you will use a separate user account for each role in AGPM to demonstrate
how Group Policy can be managed in an environment that has multiple Group Policy
administrators who have different levels of permissions. Specifically, you will perform the
following tasks:

• Using an account that is a member of the Domain Admins group, install AGPM Server and
  assign the AGPM Administrator role to an account or group.
• Using accounts to which you will assign AGPM roles, install AGPM Client.
• Using an account that has the AGPM Administrator role, configure AGPM and delegate
  access to GPOs by assigning roles to other accounts.
• From an account that has the Editor role, request that a new GPO be created that you then
  approve by using an account that has the Approver role. Use the Editor account to check the
  GPO out of the archive, edit the GPO, check the GPO into the archive, and then request
  deployment.
• Using an account that has the Approver role, review the GPO and deploy it to your production
  environment.
• Using an account that has the Editor role, create a GPO template and use it as a starting
  point to create a new GPO.
• Using an account that has the Approver role, delete and restore a GPO.