When the update has finished, you should be presented with a prompt to either log off or restart your computer. An MMC window appears divided into two panes. Open the Group Policy Management console. Click Action, and then click New. In the Name text box, type the name for your new GPO. Group Policy Objects (GPOs) define settings that make administration easier. They have to be distributed throughout a system to work effectively and help administrators manage users and computers.
Click Add. The Add Standalone Snap-in window appears. Select Group Policy Object Editor snap-in from the list. Click Close, and then OK. On the Apps screen, type gpedit. If you find the Group Policy Editor gpedit. Upgrade to Windows 10 Pro or Enterprise. In the To field, type the e-mail address for the user account to which you intend to assign the Approver role. Note: You can also delegate access at the GPO level rather than the domain level.
In the Group Policy Management Console, click Group Policy Objects in the forest and domain in which you want to manage GPOs, click Delegation, and then configure the settings to meet the needs of your organization. Click the user account of a Group Policy administrator, and then select the Approver check box to assign that role to the account. Clear the Editor check box. This role includes the Reviewer role.
Click the user account of another Group Policy administrator, and then select the Editor check box to assign that role to the account.
Click a third account and then select the Reviewer check box to assign only the Reviewer role to the account of that Group Policy administrator. In an environment with multiple Group Policy administrators, those with the Editor role have the ability to request the creation of new GPOs, but such a request must be approved by someone with the Approver role because the creation of a new GPO impacts the production environment.
In this step, you use an account with the Editor role to request the creation of a new GPO. Using an account with the Approver role, you approve this request and complete the creation of a GPO. Click Create live so the new GPO will be deployed to the production environment immediately upon approval.
The new GPO is displayed on the Pending tab. Open the e-mail inbox for the account, and note that you have received an e-mail message from the AGPM alias with the Editor's request to create a GPO. Click Yes to confirm approval of the creation of the GPO. The GPO is moved to the Controlled tab. You can use GPOs to configure computer or user settings and deploy them to many computers or users. For this scenario, you configure a setting in the GPO to require that the password be at least eight characters in length.
For this scenario, configure the minimum password length. In the properties window, select the Define this policy setting check box, set the number of characters to 8, and then click OK. To receive a copy of the request, type your e-mail address in the Cc field.
In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. After evaluating the GPO, you deploy it to the production environment and link it to a domain or an organizational unit (OU) so that it takes effect when Group Policy is refreshed for computers in that domain or OU.
Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO. On the Contents tab in the details pane, click the Pending tab. In the History window, click the GPO version with the most recent timestamp. Click the Differences button. Click Yes. The GPO is deployed to the production environment.
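The review of the minimum password length setting described above can also be done from a GPO settings report instead of the console. The following is an added example, not part of the original guide: `Test-GpoMinimumPasswordLength` is a hypothetical helper name, the GPO name is a placeholder, and the embedded XML is a constructed fragment shaped like the output of `Get-GPOReport -ReportType Xml`.

```powershell
# Constructed sample: trimmed fragment shaped like a Get-GPOReport XML report.
$sampleReport = [xml]@'
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>ExampleGPO-constructed</Name>
  <Computer>
    <ExtensionData>
      <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security">
        <q1:Account>
          <q1:Name>MinimumPasswordLength</q1:Name>
          <q1:SettingNumber>8</q1:SettingNumber>
          <q1:Type>Password</q1:Type>
        </q1:Account>
      </Extension>
    </ExtensionData>
  </Computer>
</GPO>
'@

# Hypothetical helper: reports whether the GPO defines a minimum password
# length and whether it meets the required value (8 in this scenario).
function Test-GpoMinimumPasswordLength {
    param(
        [Parameter(Mandatory)] [xml] $Report,
        [int] $Required = 8
    )
    # Match on local-name() so the check does not depend on namespace prefixes.
    $xpath = "//*[local-name()='Account'][*[local-name()='Name']='MinimumPasswordLength']" +
             "/*[local-name()='SettingNumber']"
    $match = Select-Xml -Xml $Report -XPath $xpath | Select-Object -First 1
    if (-not $match) {
        # Setting not defined in this GPO: report it as non-compliant, not as a pass.
        return [pscustomobject]@{ Defined = $false; Length = $null; Compliant = $false }
    }
    $length = [int]$match.Node.InnerText
    [pscustomobject]@{ Defined = $true; Length = $length; Compliant = ($length -ge $Required) }
}

# Run against the constructed sample.
Test-GpoMinimumPasswordLength -Report $sampleReport

# Against a live domain (requires the GroupPolicy module; the name is a placeholder):
# [xml]$live = Get-GPOReport -Name '<your GPO name>' -ReportType Xml
# Test-GpoMinimumPasswordLength -Report $live
```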
In this step, you use an account with the Editor role to create a template—an uneditable, static version of a GPO for use as a starting point for creating new GPOs—and then create a new GPO based upon that template. Templates are useful for quickly creating multiple GPOs that include many of the same settings. On the Contents tab in the details pane, click the Controlled tab. Type MyTemplate as the name for the template and a comment, and then click OK.
The new template appears on the Templates tab. Click Create live, so the new GPO will be deployed to the production environment immediately upon approval. In the properties window, check Define this policy setting, set the duration to 30 minutes, and then click OK.
On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver. Click Delete GPO from archive and production to delete both the version in the archive as well as the deployed version of the GPO in the production environment. The GPO is removed from the Controlled tab and is displayed on the Recycle Bin tab, where it can be restored or destroyed.
Occasionally you may discover after deleting a GPO that it is still needed. In this step, you act as an Approver to restore a GPO that has been deleted.