Join Log in
Score:1
Alexander Wryn avatar Server

Group Policy Management Tools

cn flag
Alexander Wryn

My company is currently using NetIQ GPAdmin from Microfocus. It has been a nightmare and is apparently going EOL. We are looking at moving to a different utility and they are attempting to sell us on "Universal Group Policy" by Microfocus. As we are looking at a new implementation, we have the opportunity to test other options and perhaps go a different route. Looking for any suggestions and would ask for reasoning/experiences with the product.

My questions are as follows:

  1. If you have used Universal Group Policy, what were your experiences and how does it compare to anything else you have looked at or used in the past.
  2. If you have not used or are not using Universal Group Policy, what utility are you using and what are the pro's and con's of it? What has your experience been with rolling back changes and using groups to control change approvals/scheduling.
  3. Do you have any recommendations for a mid-to-large setting, 500+ servers and multi-domain structure with a possible foot in managing cloud and private GPO.

My thanks ahead of time for any answers given here.

55
0 + 0
joeqwerty avatar
cv flag
joeqwerty
Why not just use the GPMC?
2
Reply
Alexander Wryn avatar
cn flag
Alexander Wryn
Changes in GPMC are live. There is no way to make changes and have other validate them. GPMC also has no versioning or reconciliation that I'm aware of. It cannot be used in a diversified structure as is our company. We have multiple groups making changes to hundreds of group policies. we cannot have a typo take down half our systems.
0
Reply
Score:1
LeeM avatar Server
cn flag
LeeM

AGPM does much of that - it's a Microsoft tool that vendors like Microfocus leveraged off. It does all the versioning, check-in/check-out, approvals, roll-backs etc. It's not highly sophisicated, but it does the job.

https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/advanced-group-policy-management-40

The main drawback in a multi-forest environment is that it's a per-forest tool. You need to import and export GPOs between forests if required (such as between Test and Production forests): https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/agpm/using-a-test-environment).

Obviously exporting and transferring files can be scripted to some degree, but fundamentally, there's no single management point for multiple forests, so you'd need an AGPM instance for each.

0 + 0
Score:0
Mark Carey avatar Server
aw flag
Mark Carey

The Quest GPOADmin software can accomplish all of the above requirements and more. Information can be found here: https://www.quest.com/products/gpoadmin/

With regards to the Microsoft AGPM software, it should be noted that that software is limited support see -> https://learn.microsoft.com/en-us/lifecycle/products/microsoft-advanced-group-policy-management-40

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.