Microsoft Desktop Optimization Pack for Software Assurance
The Microsoft Desktop
Optimization Pack for Software Assurance contains several functions and
features that administrators can leverage to assist with the management
of the organization’s desktops. One feature included with this kit is
called Microsoft Advanced Group Policy Management (AGPM), which provides
extended functionality not available in the GPMC and GPME. This feature
provides several functions to improve GPO management, including GPO
change control, GPO archiving, offline editing of GPOs, granular GPO
administrative delegation, integration of policy changes, and auditing
and GPO difference and comparison functionality. AGPM can even enable
administrators to reject changes to GPOs or roll back a GPO to a
previous version stored in the archive. AGPM 3.0 is
supported on Windows Vista and Windows Server 2008, but provides only
partial support for Windows 7 and Windows Server 2008 R2.
The Desktop Optimization Pack
is only available for software assurance customers and your Microsoft
reseller should be contacted to determine how to qualify for or download
the pack.
ADMX Migrator
The ADMX Migrator tool, shown in Figure 4,
allows administrators to take existing ADM templates and migrate those
settings to the new ADMX and ADML template format. This tool is fully
supported by www.fullarmor.com,
the company that makes ADMX Migrator. The tool creates both the ADMX
and ADML files, and after they are created, they can be copied to the
PolicyDefinitions folder of a Windows Vista, Windows 7, Windows Server
2008, or Windows Server 2008 R2 system or GPO central store in a test
Active Directory infrastructure for testing. Any ADMX/ADML files created
using this tool should be tested thoroughly before releasing to a pilot
group or users or computers in production.
Group Policy Log View (GPLogView)
GPLogview is a downloadable
tool from Microsoft that allows administrators to monitor or generate
reports of GPO administrative and operational events in text, XML, and
HTML format. The tool can be run in monitor mode during a Group Policy
refresh interval to watch a live view of what the GPO processing is logging. GPLogView is available for download but is not supported by Microsoft.
Event Viewer
Event Viewer for Windows 7
and Windows Server 2008 R2 includes several new event logs, which now
provide additional GPO logging events, similar to those shown in Figure 5.
GPO logging now includes administrative GPO events, stored in the
system log with a source of “Group Policy,” and GPO operational events,
stored in the “Applications and Services Logs,” which is stored in
Microsoft/Windows/GroupPolicy/Operational.
GPO Administrative Events
The administrative events
include the state of the GPO processing on a particular computer or
user, including high-level information detailing if GPO processing was
successful or failed. To view Group Policy administrative events,
perform the following steps:
1. | Log on to a designated administrative workstation running Windows Server 2008 R2.
|
2. | Click the Start button.
|
3. | Select All Programs.
|
4. | Select Administrative Tools.
|
5. | Double-click the shortcut for Event Viewer.
|
6. | When Event Viewer opens, expand Windows Logs.
|
7. | Right-click the System log and select Filter Current Log.
|
8. | In the middle of the filter windows, click the Event Sources drop-down list arrow.
|
9. | Scroll down and check Group Policy and click back on the filter window to close the menu.
|
10. | Click OK at the bottom of the window to apply the filter.
|
11. | Review the group policy events.
|
12. | If
the task is complete, close Event Viewer to clear the filter;
otherwise, clear the filter by right-clicking on the system log and
selecting Clear Filter.
|
13. | Close Event Viewer when you are finished.
|
GPO Operational Events
The GPO operational events
include very granular detail of GPO processing. When GPO processing
occurs, the operational events are created almost one for one with each
task included within the GPO processing. This new logging functionality
simplifies troubleshooting GPO processing tremendously. To view the GPO
operational events on a Windows Server 2008 R2 system, perform the
following steps:
1. | Log on to a designated administrative workstation running Windows Server 2008 R2.
|
2. | Click the Start button.
|
3. | Select All Programs.
|
4. | Select Administrative Tools.
|
5. | Double-click the shortcut for Event Viewer.
|
6. | When Event Viewer opens, expand Applications and Services Logs.
|
7. | Expand Microsoft.
|
8. | Expand Windows.
|
9. | Expand Group Policy.
|
10. | Select the Operational log beneath the Group Policy container and view the events in the right pane.
|
11. | Click on particular events to see the details.
|
12. | Close Event Viewer when you are finished.
|
DFS Management
GPO files are stored in
the Active Directory domain sysvol folder. GPO files in the sysvol
folder are replicated by the Distributed File System Replication
service. The DFS Management console enabled administrators to configure
the replication options, including scheduling and other DFS management
tasks. The sysvol share is known as the domain system volume and the
replication of this volume follows the site link replication schedule.
