1 / 38

Microsoft Desktop Optimization Pack: Managing GPOs with Advanced Group Policy Management (AGPM) 4.0

Microsoft Desktop Optimization Pack: Managing GPOs with Advanced Group Policy Management (AGPM) 4.0 . Brad McCabe, Product Manager Michael Kleef, Program Manager. CLI316. What we will discuss. Introducing Advanced Group Policy Management (AGPM) What’s new in AGPM 4.0 Search Multi-Forest

duscha
Download Presentation

Microsoft Desktop Optimization Pack: Managing GPOs with Advanced Group Policy Management (AGPM) 4.0

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft Desktop Optimization Pack: Managing GPOs with Advanced Group Policy Management (AGPM) 4.0 Brad McCabe, Product Manager Michael Kleef, Program Manager CLI316

  2. What we will discuss • Introducing Advanced Group Policy Management (AGPM) • What’s new in AGPM 4.0 • Search • Multi-Forest • Windows 7/Windows Server 2008 R2 Support • How it works “under the covers” • How to get it

  3. Introducing AGPM

  4. What We Want meat (start) mat(removed ‘e’) man (changed ‘t’ to ‘n’) mane(added ‘e’) mine (changed ‘a’ to ‘i’) Know what changed and undo bad changes

  5. Advanced Group Policy Management Enhancing group policy through change management Benefits What it Does • Enable group policy change management • Provides granular administrative control • Reduce risk of widespread failure • Versioning, history & rollback of group policy changes • Role-based administration & templates • Workflow • Offline editing London Borough of Camden Previous Version New Version “We have increased control of Group Policy Objects (GPOs) and cut downtime previously linked to improperly configured GPOs.” Released October 2009 3.0 Simon BoxallActive Directory Infrastructure Engineer, London Borough of Camden

  6. Architecture Archive/Offline Production Copy of GPO 2 AGPM Server Domain Controller GPO 1 GPO 2 GPO 2 Copy of GPO 1 Direct link GPO 1 Server Component Direct link Admin Component Administrative Desktop

  7. Offline Editing Edit GPOs offline before deploying live

  8. Differences Compare settings between GPOs added changed removed

  9. Delegation - Roles • Approver • Reviewer • Editor • Full Control Define granular control without making everyone a Domain Admin

  10. Workflow Offline Create a repeatable workflow that you can track

  11. demo How AGPM works: Editing, Linking, Reporting and Deploying

  12. What’s new in AGPM 4.0

  13. AGPM 4.0 Client and Server Support

  14. Search (Filtering) • What it does • Filters GPOs by properties • Allows for column precision • Maintains a list of the recent 10 searches • What it doesn’t do • Search for settings

  15. Multi Forest Support • What it does • Allows GPO movement from AGPM to AGPM • Preserves origin metadata • Supports migration tables • What it doesn’t do • Online moves between domains/forests • GPP and Migrations Tables limitation

  16. Windows 7/Server 2008 R2 • What was supported • Group Policy Preferences • Reporting for all new extensions • Applocker, DNSSEC, IE8, Scheduled Tasks • Service execution • RSAT

  17. demo Authoring AGPM…the new Stuff Editing, Searching, Moving and Deploying

  18. Microsoft Desktop Optimization PackWhat you need to know What the Desktop Optimization Pack provides • Regular updates • Faster upgrade cycle, separate from Windows® • Minimal deployment effort 1 Provide immediate ROI • Run out of the box • Integrate with existing management solutions 2 Deliver end-to-end solutions • >95% of MDOP customers are (very) satisfied *1 • $70-$80 net cost savings per PC per year using MDOP *2 3 • Lower Desktop TCO *1, Microsoft MDOP customer study. Base: Current MDOP customer n=500 non-MDOP customer n=500 *2, MDOP ROI Analysis by Wipro

  19. question & answer

  20. Helpful Resources MDOP Blog http://blogs.technet.com/MDOP/ MDOP TechNet page http://www.microsoft.com/technet/mdop/ Group Policy TechNet page http://www.microsoft.com/technet/grouppolicy Group Policy Team Bloghttp://blogs.technet.com/grouppolicy Group Policy TechNet Forum http://forums.microsoft.com/TechNet

  21. Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

  22. Required Slide © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

  23. appendix

  24. Controlling GPOs

  25. Requests

  26. Deployment

  27. What we want meat (start) mat(removed ‘e’) man (changed ‘t’ to ‘n’) mane(added ‘e’) mine (changed ‘a’ to ‘i’) Know what changed and undo bad changes

  28. Auditing Get complete details on what happened, who did it, and why

  29. History History is a list of complete backups Rollback to a safe state Safeguard your live environment from unapproved changes and untested settings

  30. Reporting • Settings • Parity with Group Policy settings reports • Difference • Versions: older compared to newer • Any 2 GPOs • Template: GPO compared to its baseline Security Template Security Kiosk GPO 1.0 GPO A GPO B GPO 1.5 vs

  31. demo Workflow

  32. What we will discuss • Advanced Group Policy Management (AGPM) • Change Management • Auditing • Reporting • Delegation • New features • What does the future hold for AGPM? • How to get it

  33. New 3.0 Features Overview • OS support • Windows 2008, Vista SP1 with RSAT • 64 bit systems • Group Policy Preferences • Localization • 11 languages • Granular change tracking • Purge historical data • Delegation

  34. Granular change tracking

  35. Purge historical data

  36. Delegation

  37. Also… • Improved installation process • Simplified procedure for modifying the port on which the AGPM Server listens • Email security - SSL encryption of SMTP traffic • Friendlier names for AGPM policy settings • The Editor role requires permissions to delete GPOs • Improved GPO role delegation experience • General UI improvements

More Related