Thursday, December 9, 2010

Inside MDOP: AGPM 4.0

If you missed the PacITPros meeting on December 7th, you missed out on some interesting vendor and technical presentations. In addition to presentations from BlueCat Networks and Hurricane Electric, I did a short demo of one of the MDOP tools: the Advanced Group Policy Manager 4.0.

This tool hooks right into the existing Group Policy Manager snap-in you know and love in your MMC and with the use of a designated archive server, extends the functionality to include better search features and change management.  No matter the size of your organization or the number of IT staff you share group policy tasks with, you can benefit from this tool.  Even if you are the only person who does anything with group policies, this tool will make your life easier.

First, the change control features take away much of the pain of keeping track of what was changed, when, and potentially by whom. Policies that are controlled by the system must be checked out and checked back in for adjustments, which automatically creates a history record capturing the state of a policy at any given time. These records can easily be reviewed for corporate compliance, and policies can even be rolled back to previous states.

With new roles created within the tool, non-administrators (even regular domain users) can be granted the ability to review or edit policies, leaving the actual deployment and linking of the GPOs to system administrators.

The ability to search and filter your view of policies is much improved. You can search by name, by state (checked in, checked out), and even by variables such as being updated "last month" or "last week".

Finally, you can easily import and export policies, even across forests.  No more manual recreation of the perfect policy just because you want to use it in your test lab environment or in another forest.

Keep in mind that AGPM 4.0 adds support for Windows Server 2008 R2 and Windows 7, and also runs on Windows Server 2008 and Vista. If you are supporting an environment with older versions of Windows Server, consider version 2.5 or 3.0 of the tool. Not all of the features are included, but if you are looking specifically for the change management aspects, those older versions may work for you until you upgrade your servers.

Out of the six tools in the Microsoft Desktop Optimization Pack, AGPM isn't one I'd overlook.


  1. jennelle -

    any chance you may have captured some reference documentation on the SPNs that are created during install?

    i would have expected version 4.0 not to require "domain admins" during install, but this appears to be specifically so that it can have rights to run spns.

    i don't know that to be sure since i have barely made it into the installation so far. anyway, would love it if you have some material on it. thanks!

  2. Hi Marcus,

    I haven't looked into any of the SPN creation related to AGPM. I would expect that the server side installation would need domain admin rights during the install, since it needs to connect to AD. The software for the client machines probably only needs local admin rights.

