Tech·Ed North America 2009 9/13/2018 5:39 AM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
MDOP: Managing GPOs with Advanced Group Policy Management 3.0 Microsoft Confiential: Preliminary Information: NDA Only MDOP: Managing GPOs with Advanced Group Policy Management 3.0 Michael Kleef Program Manager Microsoft WCL308
What We Will discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New Features Getting it Running What Does the Future Hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What We Want Know what changed and undo bad changes
What We Want Track settings across GPOs in live environment
demo The Big Picture
What We Will Discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Change Management Version Control using check in – check out Permissions prevent accidental edits Offline Editing separates production from the Archive
Offline Editing Edit GPOs offline before deploying live
Template Create a complete baseline for future GPOs
Comments Add useful metadata for important changes “Adjusted IE restrictions after PTA meeting” “Changed desktop background from whatever the user wants to corporate approved” “Removed Solitaire from Emergency Room computers” Add useful metadata for important changes
demo Authoring
What We Will discuss Advanced Group Policy Management (AGPM) Auditing 9/13/2018 5:39 AM What We Will discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Auditing Get complete details on what happened, who did it, and why
Auditing - History History is a list of complete backups Rollback to a safe state Safeguard your live environment from unapproved changes and untested settings
What We Will Discuss Advanced Group Policy Management (AGPM) Reporting 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
vs Reporting GPO 1.0 Security Template GPO A Security Kiosk GPO 1.5 Settings Parity with Group Policy settings reports Difference Versions: older compared to newer Any two GPOs Template: GPO compared to its baseline GPO 1.0 Security Template GPO A Security Kiosk GPO 1.5 GPO B vs
Reporting - Differences Added Changed Removed Compare settings between GPOs
Auditing and Reporting demo Auditing and Reporting
What We Will Discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Delegation - Roles Define granular control without making everyone Full Control Editor Approver Reviewer Define granular control without making everyone a Domain Admin 21
Workflow Create a repeatable workflow that you can track Offline Control Check-out Edit Check-in Requests Reporting Deployment Create a repeatable workflow that you can track Offline
demo Workflow
What We Will Discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
New 3.0 Features Overview OS support Localization Windows 2008, Vista SP1 with RSAT 64 bit systems Group Policy Preferences Localization 11 languages Granular change tracking Purge historical data Delegation
Granular Change Tracking
Purge Historical Data
Delegation
Also… Improved installation process Simplified procedure for modifying the port on which the AGPM Server listens Email security - SSL encryption of SMTP traffic Friendlier names for AGPM policy settings The Editor role requires permissions to delete GPOs Improved GPO role delegation experience General UI improvements
What We Will Discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Requirements Windows Server 2008 Vista SP1 + RSAT Server component Domain member or DC .net framework 3.5 Specifics Establish a service account Establish an administrator Client component Installed on computer with GPMC .net Framework 3.0 Windows Server 2008 Vista SP1 + RSAT Full support for 64 bit systems and GP Preferences 31
Administrative Desktop Set-up Archive/Offline Production AGPM Server Copy of GPO 2 Domain Controller GPO 1 GPO 2 GPO 2 Copy of GPO 1 GPO 1 Direct link Server Component Direct link Admin Component Administrative Desktop 32
What We Will Discuss Advanced Group Policy Management (AGPM) 9/13/2018 5:39 AM What We Will Discuss Advanced Group Policy Management (AGPM) Change Management Auditing Reporting New features Getting it running What does the future hold for AGPM? © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Advanced Group Policy Management AGPM Roadmap H2 CY08 CY09 AGPM 3.0 Flexible security WS08 support Localization Enhanced UI AGPM 4.0 Search & Filter Cross-forest GPO mgmt Windows 7 /WS08 R2 support MDOP: Advanced Group Policy Management
demo AGPM 4.0
Translating software inventory into business intelligence Dynamically streaming software as a centrally managed service Enhancing group policy through change management Proactively managing application and operating system failures Powerful tools to accelerate desktop repair Simplifying deployment and management of Virtual PCs
Summary Create a complete baseline for future GPOs 9/13/2018 5:39 AM Summary Create a complete baseline for future GPOs Add useful metadata for important changes Get complete details on what happened, who did it, and why Safeguard your live environment from unapproved changes and untested settings Compare settings between GPOs Define granular control w/o making everyone a domain admin Create a repeatable workflow that you can track Edit GPOs offline before deploying live Goals: Know what changed and undo bad changes Track settings across GPOs in live environment © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Group Policy sessions WSV326 Windows Server 2008 R2 Group Policy Changes - 2:45PM-4:00PM – Petree Hall D
Blogs.technet.com/mkleef Blogs.technet.com/grouppolicy question & answer Blogs.technet.com/mkleef Blogs.technet.com/grouppolicy
Helpful Resources Group Policy TechNet page http://www.microsoft.com/technet/grouppolicy Group Policy Team Blog http://blogs.technet.com/grouppolicy Group Policy TechNet Forum http://forums.microsoft.com/TechNet
appendix 41
Resources www.microsoft.com/teched www.microsoft.com/learning Sessions On-Demand & Community www.microsoft.com/learning Microsoft Certification & Training Resources http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources
Track Resources Meet us today at the Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle? Want to talk face-to-face with folks from the Windows Product Team? Meet us today at the Springboard Series Lounge, or visit us at www.microsoft.com/springboard Springboard Series The Springboard Series empowers you to select the right resources, at the right technical level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.
Complete an evaluation on CommNet and enter to win!
9/13/2018 5:39 AM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.