Freigeben über


Active Directory Group Policy Object (GPO) Delegation and Approval Workflow With AGPM 3.0

AGPM In the TechNet Webcast: Microsoft Solutions for Windows Vista Management (Level 300), I will demo a number of capabilities for managing Vista desktops and Windows environment in general. Microsoft Advanced Group Policy Management (AGPM) 3.0 is one of the 5 components in Microsoft Desktop Optimization Pack for Software Assurance (MDOP) 2008 R2. AGPM enables the change-approval workflow of Group Policy Objects (GPOs) and is something I thought worth a special introduction here. Meanwhile I am also developing a screencast and will publish it here soon.

AGPM is to help customers better manage GPOs, particularly those with complex information technology (IT) environments. A robust delegation model, role-based administration, and change-request approval provide granular administrative control as described in the overview whitepaper and shown below. image For example, you can delegate Reviewer, Editor, and Approver roles to other administrators — even administrators who do not have access to production GPOs.  The Editor role can edit GPOs but not deploy them; the Approver role can deploy GPO changes. AGPM also helps reduce the risk of widespread failures. You can use AGPM to edit GPOs offline, outside of the production environment, and then audit changes and easily find differences between GPO versions. In addition, AGPM supports effective change control by providing version tracking, history capture, and quick rollback of deployed GPO changes. It also supports a management workflow by allowing you to create GPO template libraries and send GPO change e-mail notifications. Step-by-Step and Operations Guides of AGM 3.0 are also readily available.

For those who are interested in finding more, MDOP 2008 R2 was RTM in September of 2008. Here are demos, more demos, and FAQ. Subscribers can download MDOP 2008 R2 from the TechNet and MSDN subscription sites. The availability of the components is as follows through Microsoft Volume Licensing Service (MVLS):

The official MDOP blog is the channel to get the latest.