Group Policy and AGPM

11. June 2012

When installing a 360 environment you must consider using the GPO for various settings. The most common examples of setting up GPO is:

  • Security settings on the local machine.
  • Internet explorer settings for the user.
  • Mapping of networks drives.
  • Installing software.

Group Policy objects can be configured on any machine in the domain, using the appropriate MMC console forconfiguration. You must be a Domain Administrator to configure the GPO.

In my opinion you should always use the Advance Group Policy Management software (AGPM), to configure your group policy objects. AGPM is a small add-on you will find in the Desktop optimization pack (MDOP). This feature creates an interface into GPO, which makes it easy to control and manage.

The two most important features in the pack are

  • Delegation of access rights
    • This feature makes it possible for you to delegate the maintenance of a GPO to any user in the domain. This user must only be part of the AGPM Editor group. The user is not required to be member of the Domain Admins
  • Check in/out and deployment of GPO objects
    • This feature ensure that you work on your GPO objects as real programming objects that are checked out, can be tested and verified before they are checked in and deployed. It also ensures that the deployment process is controlled and delegated to dedicated people.

Leave a Reply