Windows Server blog by Kurt Roggen [BE]

The AGPM infrastructure is composed out of a AGPM Server and Client component.
For version 3.0, both components are available in x86 and x64 for Windows Vista SP1 and Windows Server 2008.

AGPM Server

When installing the AGPM Server (read: a Windows service), you are actually creating an empty AGPM archive (by default located in %ProgramData%\Microsoft\AGPM) for offline use. Later on you can selectively import/copy production GPOs (located on your domain controllers SYSVOL share) into this AGPM Server archive through the AGPM Client interface. In this way, the AGPM Server has control over those GPOs (offline in the archive). From this moment on, the AGPM Client now uses this AGPM Archive for all GPO operations (Creation, Editing, Reporting, …), so that those operations do not impact your production environment in any way!

When deploying GPOs through AGPM, you are pushing out GPOs from the AGPM Server Archive into your production domain controller’s SYSVOL.

If installing AGPM Server on a domain controller, you can configure the AGPM service account as LocalSystem.  Otherwise, you must select another account. For more information read my upcoming post on “AGPM Least Privilleged Service Account”.
However, as a best practice, keep the AGPM Server and domain controller(s) apart.

AGPM Client

The Advanced Group Policy Management Client is an add-on to Group Policy Management Console (GPMC) that provides change management control over Group Policy Objects and adds the “Change Control” node.

AGPM Client 3.0 requires Windows Server 2008 or Windows Vista with Service Pack 1 and the GPMC from Remote Server Administration Tools (RSAT) installed. Both 32-bit and 64-bit versions are supported. AGPM Client can even be installed on a computer running AGPM Server.

Related reading:

• Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0
• Operations Guide for Microsoft Advanced Group Policy Management 3.0

A while ago I posted an overview of the new features in AGPM 3.0 which is a key component of the Microsoft Desktop Optimization Pack (MDOP). Microsoft Advanced Group Policy Management (AGPM) helps you better manage Group Policy objects (GPOs) in your environment by providing change control, offline editing, rollback capabilities and role-based delegation with workflow.

Version 3.0 of AGPM supports the latest Microsoft operating systems (Vista SP1 and Windows Server 2008 – both x86 and x64) and the new Group Policy Preferences introduced with Windows Server 2008.

Below you find the topics covered by these AGPM screencast series:

AGPM Overview
This screencast talks about the capabilities, added-value and architecture of AGPM 3.0.

Coming up next:

Part 1: Installing AGPM Server & AGPM Client
This step-by-step screencast demonstrates how to install both AGPM client and server components and its pre-requisites

Part 2: Role-based delegation
This step-by-step screencast demonstrates how to delegate permissions inside AGPM based on the role-based delegation model.

Part 3: AGPM Concepts (Controlled, Uncontrolled, Pending, Templates, Recycle bin)
This step-by-step screencast demonstrates some of the basic concepts of AGPM, such as moving uncontrolled GPOs into the offline archive as controlled GPOs, dealing with pending GPO and using the AGPM Recycle Bin to recover/restore Group Policies.

Part 4: Workflow (Creating, Editing, Deploying, Recovering a GPO)
This step-by-step screencast demonstrates the workflow capabilities for GPO operations such as Creating a GPO, Editing a GPO, Deploying a GPO, etc… We also have a look at production delegation.

Related reading:

• Advanced Group Policy Management Data Sheet
• Advanced Group Policy Management Overview Whitepaper 

Microsoft on Tuesday announced the availability of the Beta 2 version of SP2 for Windows Vista and Windows Server 2008. Since both OSs were developed from the same code base, they have a common servicing structure and thus share the same service packs. That said, SP2 provides somewhat different functionality in each system as well.

"Windows Vista SP2 builds on the solid foundation of Windows Vista SP1, and represents our ongoing commitment to Windows Vista today," Microsoft Corporate Vice President Mike Nash noted in a post to the Windows Blog. "Windows Vista SP2 includes all of the updates that have been delivered since the release of Windows Vista SP1, and incorporates improvements discovered through automated feedback."

On Windows Vista, SP2 provides Windows Search 4.0, the Windows Vista Feature Pack for Wireless, a Service Pack Cleanup tool, application compatibility updates and a number of other small changes.

On Windows Server 2008, SP2 gains the release version (RTM) of Hyper-V (the initial version of the OS included a pre-release version), improved management tools, updated power management functionality, and other changes.

Microsoft is also opening up this update to the public. MSDN and TechNet subscribers can download SP2 today, and beginning Thursday, December 4, 2008, anyone will be able to download and test SP2 via a new Customer Preview Program (CPP).

Interested users can find out more about this public release from the TechNet Web site:
Windows Server 2008 Service Pack 2 (SP2) and Windows Vista Service Pack 2 (SP2) Customer Preview Program (CPP)

Related:

• Notable Changes in Windows Server 2008 SP2/Windows Vista SP2 Beta
• Release Notes for Windows Server 2008 SP2 Beta
• Release Notes for Windows Vista SP2 Beta
• Deployment Guide for Windows Server 2008 SP2 Beta
• Deployment Guide for Windows Vista SP2 Beta
• Windows Vista SP2 Beta and Windows Server 2008 SP2 BetaTest Focus Guide