vBulletin statistics
januari 2009 - Posts - Windows Server blog by Kurt Roggen [BE]

januari 2009 - Posts

AGPM 3.0 Screencast Series – Part 4: Workflow

This step-by-step screencast demonstrates the workflow capabilities of AGPM for GPO operations such as Creating a GPO, Editing a GPO, Deploying a GPO, etc… We also have a look at production delegation.

image

The GPO operations below are covered:

 

Watch it over at TechNet Chopsticks

Previous posts:

Related reading:

Posted donderdag 15 januari 2009 7:25 by Kurt Roggen | with no comments
Filed under: ,

AGPM 3.0 Screencast Series – Part 3: AGPM Concepts

This step-by-step screencast demonstrates some of the basic concepts of AGPM such as Controlled, Uncontrolled, Pending, Templates, Recycle bin.

Operations as moving uncontrolled GPOs into the offline archive as controlled GPOs, dealing with pending GPO and using the AGPM Recycle Bin to recover/restore Group Policies are covered.

Advanced Group Policy Management (AGPM) adds a Change Control node for each domain displayed in the Group Policy Management Console (GPMC).
Within the Change Control pane, the Contents tab provides access to Group Policy objects (GPOs) and a shortcut menu for managing GPOs.
The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership for the GPO being managed. Additionally, these shortcut menus differ with the (pending) state of the GPO being managed.

The following secondary tabs filter the list of GPOs displayed:

  • Controlled: GPOs managed by Advanced Group Policy Management (offline in the archive)
  • Uncontrolled: GPOs not managed by AGPM (online in production)
  • Pending: GPO changes/operations awaiting approval by an Approver
  • Templates: GPO templates for creating new GPOs and comparing to existing GPOs
  • Recycle Bin: Deleted GPOs

image

Watch it over at TechNet Chopsticks

Previous posts:

Related reading:

Posted maandag 12 januari 2009 9:07 by Kurt Roggen | with no comments
Filed under: ,

TechDays 2009 Belux: Early bird registration are open now!

468x60

TechDays 2009: 3 days to shape your knowledge

Whether you’re an IT pro, developer, designer or architect:
It is your thoughts, knowledge and ideas that shape the digital world.
Microsoft supports you with platform and tools that are designed for your needs. Because we’re on the same road. During TechDays in March, you’ll get all the tools you need to shape your knowledge.

On March 11 and 12, TechDays will bring over 60 technical sessions tailored to your needs as a professional. while you can deepen your skills during one of the optional pre-conference tracks on March 10:

  • Essentials on Windows Server 2008 R2
  • Deep-dive into development for Microsoft Office SharePoint Server 2007
  • Software + Services: the convergence of SOA, SaaS, Cloud Computing and Web 2.0

Register now and benefit from the Early Bird price.

When? March 10 (pre-conference), 11-12 (conference)
Where? Metropolis, Antwerp

Posted vrijdag 9 januari 2009 8:27 by Kurt Roggen | with no comments
Filed under: , ,

AGPM 3.0 Screencast Series – Part 2: Role-based delegation

This step-by-step screencast demonstrates how to delegate permissions inside AGPM using the role-based delegation model, allowing you to share the responsibility for editing, approving, and reviewing GPOs among multiple people.

image

All 4 default AGPM Roles are covered:

  • Full Control – AGPM Admins Role
  • Approver Role
  • Reviewer Role
  • Editor Role

Watch it over at TechNet Chopsticks

Previous posts:

Related reading:

Posted donderdag 8 januari 2009 20:45 by Kurt Roggen | with no comments
Filed under: ,

AGPM Least Privileged Scenario for AGPM Service account

When installing the AGPM 3.0 Server, there are two options when choosing the AGPM Service account: LocalSystem or a domain user account used to run the service.
NOTE: You can only use the Local System account as service account, when installing the AGPM Server on a domain controller (not a best practice!!).

If installing AGPM Server on a domain controller (and managing GPOs only on that domain), you can configure the AGPM service account as LocalSystem.  Otherwise, you must select another account.

image image
On Domain controller On a Member Server


For the AGPM Service to work properly with “Least Privileges”, assign following privileges, rights and/or group membership to the AGPM service account:

  1. The AGPM Service account requires full access to the AGPM archive folder
  2. The AGPM Service account requires full access to the local computer's temp folder (%systemroot%\temp)
  3. Full access to GPOs created prior to using AGPM
  4. The AGPM Service account must be a member of the Group Policy Creator Owners and Backup Operators Group

When you encounter any of the error messages below, it relates directly to the too limited privileges of the AGPM service account:

For more detailed information:

Posted dinsdag 6 januari 2009 10:12 by Kurt Roggen | with no comments
Filed under: ,

AGPM 3.0 Screencast Series – Part 1: Installing AGPM

This step-by-step screencast demonstrates how to install both AGPM server and AGPM client components and its pre-requisites.
Previously, we have talked about the AGPM architecture.  Now, we move into installing both server and client components.

During this screencast, we install the AGPM Server on a member server that will run the AGPM Service and will configure the archive.
All AGPM operations are managed through this Windows AGPM service and are executed with the service's credentials.
I will dedicate a separate post to the AGPM service account privileges.

Watch it over at TechNet Chopsticks

Previous posts:

Related reading:

Posted maandag 5 januari 2009 8:06 by Kurt Roggen | 2 comment(s)
Filed under: ,