Award-winning Quest® GPOADmin® automates critical Group Policy management tasks to reduce costs and eliminate manual processes. GPOADmin can optionally extend the Microsoft Group Policy Management Console (GPMC) so you can quickly use a familiar interface to administer GPO changes and verify, compare, update and roll back GPO versions over time to confirm the consistency of various GPO settings. With so many GPO comparison features combined with enhanced security and workflow capabilities, you’ll be able to more effectively control and manage your Windows infrastructure — while supporting change management best practices and driving compliance to corporate policies, regulatory standards and frameworks such as ITIL, MOF, SOX, Basel II, HIPAA and C-198.
- Improved and simplified native Group Policy capabilities
With no need for scripting or manual processes, you can save valuable time, reduce the risk of network outages, and drive improved server and desktop management throughout your entire enterprise. An optional GPOADmin extension for Microsoft GPMC allows you to work in a familiar interface.
- Improved security and increased reliability
Effective Group Policy auditing reduces security breaches and increases the overall reliability of your Windows infrastructure. GPOADmin integrates with current processes — including Quest Change Auditor — to ensure that critical tasks such as version control and auditing are performed efficiently and effectively.
- Streamlined compliance and rollback
GPOADmin automatically ensures that all GPO versions and edits are recorded by creating a log of each setting change — including the individual who executed the change — for audit and rollback purposes. GPOADmin is compliant with the Federal Information Processing Standard (FIPS) and supports Windows policy preference settings.
- Automation and scripting
GPOADmin includes prepackaged PowerShell scripts to automate administrative tasks, saving time and reducing the risk of error. Custom actions can be executed before or after a GPOADmin change to facilitate integration with internal processes and systems.
- Approval workflow and testing
Approval-based workflows with optional email notifications ensure that modifications adhere to change management best practices. Approved changes can be immediately implemented or scheduled. Comments can be added to requests to accelerate reviews. GPOs can be tested before rolling them out to production.
- Reduced backup footprint
GPOADmin enables you to control the size of your backup store by deleting versions you no longer need. Side-byside comparisons simplify the process of determining which versions to keep or delete.
- Protected Settings policies
Administrators can define a list of GPO settings with predetermined values that must exist and cannot be modified. Once the Protected Settings policy is applied to a GPOADmin container, policies that are modified and become in violation will be blocked from being checked in.
- Approval/rejection via email
Workflow requests to modify GPOs can be approved or rejected by email, without opening the GPOADmin console. The email contains a settings report to help inform the approval decision.
- Improved object management
Specific users can be assigned responsibility for specific policies, either at the object level or GPOADmin container level. This helps all administrators identify who is responsible for managing specific policies.
- Customized email templates
Email notifications can be customized with specific text and/or attachments for specific roles (such as help desk or senior management). For example, if an organization requires a change request form to be completed to modify a GPO, it can be attached to the email notification to streamline the process. When combined with auditing and object protection, GPOADmin supports change management best practices.