Vijay Kolli MEA Architect Microsoft Corp AGPM : The Sell [PRES - - PowerPoint PPT Presentation

vijay kolli
SMART_READER_LITE
LIVE PREVIEW

Vijay Kolli MEA Architect Microsoft Corp AGPM : The Sell [PRES - - PowerPoint PPT Presentation

Mar 18, 2023 214 likes •481 views

[TITLE LE] MDOP : Advanced Group Policy Management Vijay Kolli MEA Architect Microsoft Corp AGPM : The Sell [PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] GPO Management Offline editing History

slide-1
SLIDE 1

[TITLE LE] MDOP : Advanced Group Policy Management Vijay Kolli MEA Architect Microsoft Corp

slide-2
SLIDE 2

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

AGPM : The Sell

  • GPO Management

– Offline editing – History – Difference reporting – Search – Multi forest

  • Workflow

– Delegation – Source control

slide-3
SLIDE 3

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] Archive/Offline

Architecture

Domain Controller

AGPM Server Administrative Desktop

Backups GPO 1 Backups

  • f GPO 2

GPO 1

GPO 2

Production

AGPM Client (GPMC)

XML File of backups

slide-4
SLIDE 4

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

AGPM 4.0 Client and Server Support

Operating system on which AGPM Server 4.0 runs Operating system on which AGPM Client 4.0 runs Status of AGPM 4.0 support Windows Server 2008 R2 Windows 7/R2 Supported

Best Experience

Windows Vista with SP1/2008 Partially supported

Cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

Windows Server 2008 Windows 7/R2 Unsupported Windows Vista with SP1/2008 Supported with limitations

Cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

slide-5
SLIDE 5

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

AGPM : The Sell

  • GPO Management

– Offline editing – History – Difference reporting – Search – Multi forest

  • Workflow

– Delegation – Source control

slide-6
SLIDE 6

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Offline Editing

Edit GPOs offline before deploying live

slide-7
SLIDE 7

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Auditing Get complete details on what happened, who did it, and why

slide-8
SLIDE 8

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

History History is a list of complete backups Rollback to a safe state

Safeguard live environment from unapproved changes and untested settings

slide-9
SLIDE 9

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] MDOP AGPM

Authoring, History Demo

slide-10
SLIDE 10

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Differences

Compare settings between GPOs

changed added removed

slide-11
SLIDE 11

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Reporting

  • Settings

– Parity with Group Policy settings reports

  • Difference

– Versions: older compared to newer – Any 2 GPOs – Template: GPO compared to its baseline

slide-12
SLIDE 12

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Search (Filtering)

  • What it does

– Filters GPOs by properties – Allows for column precision – Maintains a list of the recent 10 searches

  • What it doesn’t do

– Search for settings

slide-13
SLIDE 13

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Multi Forest Support

  • What it does

– Allows GPO movement from AGPM to AGPM – Preserves origin metadata – Supports migration tables

  • What it doesn’t do

– Online moves between domains/forests – GPP and Migrations Tables limitation

slide-14
SLIDE 14

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Windows 7/Server 2008 R2

  • What was supported

– Group Policy Preferences – Reporting for all new extensions

  • Applocker, DNSSEC, IE8, Scheduled Tasks

– Service execution – RSAT

slide-15
SLIDE 15

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] MDOP AGPM

Differences Demo

slide-16
SLIDE 16

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

AGPM : The Sell

  • GPO Management

– Offline editing – Difference reporting – History – Search – Multi forest

  • Workflow

– Delegation – Source control

slide-17
SLIDE 17

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Service

Archive/Offline

Domain Controller

AGPM Server Administrative Desktop

GPO 1

GPO 2

Production

AGPM Client (GPMC)

Proxy

Permissions

slide-18
SLIDE 18

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Delegation - Roles

Reviewer Full Control Editor Approver

Define granular control without making everyone a Domain Admin

slide-19
SLIDE 19

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] MDOP AGPM

Role Delegation Demo

slide-20
SLIDE 20

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Workflow

Control Check-out Edit Check-in Requests Reporting Deployment

Offline

slide-21
SLIDE 21

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Granular change tracking

slide-22
SLIDE 22

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Purge historical data

slide-23
SLIDE 23

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Last Step Delegation

slide-24
SLIDE 24

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] MDOP P AGPM

Workflow Demo

slide-25
SLIDE 25

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE]

Q&A

Q & A

slide-26
SLIDE 26

[PRES ESEN ENTATI TION N TITLE LE] [PRES ESEN ENTATI TION N TITLE LE] Partners to go to: