Group Policy Objects (GPOs) are constructs that are stored within Active Directory that allow IT administrators to control a wide variety of security settings and access permissions. Examples of how GPOs are typically used include:
Group Policy allows users administrators to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).
The Group Policy Objects (GPOs) are at the forefront of an organization's ability to roll out and control functional security. Core aspects of user life cycle such as password policies, logon hours, software distribution and other critical security settings are handled through GPOs. It is paramount for Organizations to have proper methods to control the settings of these GPOs and to deploy GPOs in a meaningful and safe manner with confidence, easily backup and restore GPOs when they are either incorrectly updated or corrupt.
GPOManager provides many templates to harden different application settings and apply them to whole organization or OU or group. Policy templates for application like internet browsers and other are provided out of box.
While GPOs are very powerful, the challenge for most organizations trying to manage GPOs with native tools is that they can quickly proliferate to the point of being unmanageable. With native tools, it is common for I.T. administrators to have great difficulty determining exactly what the overall security policy is, and whether or not the GPOs are actually enforcing the policies they were intended to enforce.
CionSystems Active Directory Group Policy Management (GPO Manager) provides a robust Microsoft Management Console (MMC) snap-in that dramatically improves the ability of administrators to manage GPOs. GPOManager can be run as an independent application or as a MMC extension
You can manage permission of Group Policy Objects container for a given domain using CionSystems GPO Manager Delegation.
With GPO Manager Delegation the following Permissions can be delegated:
GPO Create Permission: The ability to grant users permissions to create GPOs
WMI Permission: The ability to grant users permissions to create and Edit WMI Filters
SOM Permissions: The ability to link GPOs to a SOM, The ability to perform Group Policy Modeling analyses for objects in that SOM, The ability to collect Group Policy Results data for objects in that SOM.
Before user can edit GPO, the GPO must be checked out. Double click on a GPO will automatically change the GPO state to check out
The workflow is as follows:
Version information is updated in the system's history when the GPO is checked back in. Only one person within the system can check out and work on any GPO at a given time.
Checking out a GPO for the first time creates a copy of the original GPO. The copy is an exact duplicate of the original GPO until it passes through the approval process.
CionSystems Active Directory Group Policy Management (GPO Manager) offers a mechanism to control this highly important component of Active Directory. GPOs, Scope of Management links, and WMI filters are backed up in a secure, distributed manner and then placed under version control.
A workflow is a sequence of inter connected steps that carry out a process based task. A typical workflow contains three stages.
Administrators have flexibility and choose the relevant steps for their enterprise. Not all enterprise might require all stages of the workflow. In addition, disable the workflow if need be. Tasks that are waiting in stages are immediately notified to the right group via email.
Windows Group Policy is powerful and allows user centralized management. However, uncontrolled and unintentional changes can have disastrous consequences. For example, unintended effects of a GPO change could stop hundreds of users from logging on, exclude access to critical software applications, or expose system settings. The Group Policy Management Console (GPMC) from Microsoft is a useful tool for the individual administrator, but additional functionality-such as GPO workflow management, check in/check out, change control, backup/restore, reports and rollback-is needed to effectively manage GPOs across the enterprise.
Using CionSystems GPO Manager, administrators can migrate GPOs from one domain to another new domain. This is a very powerful feature if you are looking to migrate GPOs and doesn't want to recreate these GPOs in the new domain.