Microsoft Advanced Group Policy Management (AGPM) helps you better manage Group Policy objects (GPOs) in your environment by providing change control, offline editing, and role-based delegation.
What would this tool do? It would help you better delegate who can review, edit, and deploy Group Policy objects (GPOs). It would help you prevent widespread failures that result from editing GPOs in production.
You could use it to track each version of each GPO and roll back if needed or track the changes between different versions of a GPO.
AGPM is a key component of the Microsoft Desktop Optimization Pack (MDOP).
Version 3.0 of AGPM supports the latest Microsoft operating systems (Vista SP1 and Windows Server 2008) and has added some highly requested customer features as outlined below.
Full x64 support
Both the AGPM client and server components fully support x64 architecture and operating systems. There is a x64 & x32 bit version of both the client and server.
WOW64 is not supported. This means a 64-bit version of AGPM must be installed on a 64-bit version of the host Operating System and a 32-bit version of AGPM must be installed on a 32-bit version of AGPM.
Communication between different client and server platform architectures is fully supported. This means that a 64-bit AGPM client can communicate with a 32-bit AGPM server and a 32-bit AGPM client can communicate with a 64-bit AGPM server.
Windows Vista SP1 & Windows Server 2008
Significant changes have been made to the GPMC (2.0) in these OSes and AGPM depends on the GPMC interfaces extensively. Therefore this version of AGPM is only installable on Windows Vista SP1 with Remote Server Administration Toolkit (RSAT) or Windows Server 2008. Windows Vista SP1 does no longer have the GPMC integrated into the operating system. The GPMC needs to be installed on Windows Vista SP1 through an OOB download called RSAT prior to installing either the client or server. NOTE:
Although version 2.5 will still be available for customers who do not plan to upgrade to these operating systems, version 3.0 client or server service will not communicate with the version 2.5 client or server service.
Version 3.0 allows the permissions deployed to a GPO to be customized. The default permissions are the same as version 2.5, however, custom permissions can be configured for each domain. The permissions configured on the “Production Delegation” tab will replace any permission already on a production GPO when it is controlled or deployed from the AGPM server. Applying the above permissions to the production GPO when taken into AGPM control will prevent changes to production GPOs from outside of AGPM as soon as a GPO is controlled.
More robust change tracking
The AGPM history has been changed to track more changes made to GPOs such as when/who made a request, when/who Approved/Rejected the request, when/who made changes to AGPM delegation, etc.
Purge Historical data
This version gives the AGPM administrator the ability to purge old data by specifying on the AGPM Server tab how many historical versions to retain. Purging old data deletes the data (GPO backup) from the archive so this data is no longer be accessible. The information about the historical action is, however, retained in the history and an entry is recorded in the history that data was purged. This means that if a checked in GPO from 6 months ago was purged, reports, etc. cannot be run against it but the history view still shows that a check-in was performed.
Group Policy Preferences Support
This version fully supports the new Group Policy Preferences (GPP) functionality added to Windows Server 2008.
General UI improvements
Changes have been made to field names and ordering to better describe the information contained in the field. Additionally the order in which the fields are displayed has been changed to make more pertinent information easier to find.
Localized in 13 additional languages which will be available 3 months after English version ships.