Configure AGPM Server Connections

  • Artikel

All versions of each controlled Gruppenrichtlinienobjekt (Group Policy Object, GPO) are stored in a central archive so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO.

A user account with the AGPM-Administrator ("Vollzugriff") role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Erweiterte Gruppenrichtlinienverwaltung (Advanced Group Policy Management, APGM) is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Ausführliche Informationen finden Sie unter „Weitere Überlegungen“ in diesem Thema.

Configuring AGPM Server connections

As an AGPM-Administrator, you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the associated setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain.

  • Configure an AGPM Server connection for all Group Policy administrators

  • Configure additional AGPM Server connections for all Group Policy administrators

  • Manually configure an AGPM Server connection for your account

To configure an AGPM Server connection for all Group Policy administrators

  1. In the Group Policy Management Console tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see Editing a GPO.)

  2. In the Group Policy Management Editor window, click User Configuration, Policies, Administrative Templates, Windows Components, and AGPM.

  3. In the details pane, double-click AGPM: Specify default AGPM Server (all domains).

  4. In the Properties window, select the Enabled check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600).

  5. Click OK. Unless you want to configure additional AGPM Server connections, close the Group Policy Management Editor window and deploy the GPO. (For more information, see Deploy a GPO.) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators.

To configure additional AGPM Server connections for all Group Policy administrators

  1. If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains.

  2. To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the Group Policy Management Console tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see Editing a GPO.)

  3. In the Group Policy Management Editor window, click User Configuration, Policies, Administrative Templates, Windows Components, and then AGPM.

  4. In the details pane, double-click AGPM: Specify AGPM Servers.

  5. In the Properties window, select the Enabled check box, and click Show.

  6. In the Show Contents window:

    1. Click Add.

    2. For Value Name, type the domain name (for example, server1.contoso.com).

    3. For Value, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click OK. (By default, the AGPM Service listens on port 4600. To use a different port, see Modify the AGPM Service.)

    4. Repeat for each domain not using the default AGPM Server.

  7. Click OK to close the Show Contents and Properties windows.

  8. Close the Group Policy Management Editor window. (For more information, see Deploy a GPO.) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators.

If you have centrally configured the AGPM Server connection, the option to manually configure it is unavailable for all Group Policy administrators.

To manually configure which AGPM Server to display for your account

  1. Klicken Sie in der Struktur Gruppenrichtlinien-Verwaltungskonsole auf Steuerung ändern in der Gesamtstruktur und der Domäne, in der Sie GPOs verwalten möchten.

  2. In the details pane, click the AGPM Server tab.

  3. Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600).

  4. Click Apply, then click Yes to confirm.

Additional considerations

  • You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See Editing a GPO and Deploy a GPO for additional detail.

  • The selected AGPM Server determines which GPOs are displayed on the Contents tab and to what location the Domain Delegation tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.

  • Die Mitgliedschaft in der Gruppe "Richtlinien-Ersteller-Besitzer" sollte beschränkt werden, damit bei der Zugangsverwaltung der GPOs nicht die erweiterte Gruppenrichtlinienverwaltung übergangen wird. (Klicken Sie in der Gruppenrichtlinien-Verwaltungskonsole auf Gruppenrichtlinienobjekte in der Gesamtstruktur und der Domäne, in der Sie GPOs verwalten möchten, klicken Sie auf Delegierung, und konfigurieren Sie dann die Einstellungen, um den Anforderungen Ihrer Organisation zu entsprechen.)

Additional references

-----
Weitere Informationen zu MDOP finden Sie in der TechNet-Bibliothek. Sie können auch im TechNet Wiki nach Problembehandlungen suchen und uns auf Facebook oder Twitter folgen.
-----