Local Policy vs. Group Policy in System Center Essentials 2010
Applies To: System Center Essentials 2010
For System Center Essentials 2010 to correctly interoperate with other components running on Windows operating systems, some changes must be made to the Essentials management server, all managed computers, and any remote computer running an Essentials component, such as a remote console or remote database. How these changes are made is determined by whether you can log on to these computers using either Domain Administrator or Group Policy Administrator credentials.
Group Policy
If you can log on with Domain Administrator or Group Policy Administrator credentials when configuring Essentials 2010, you can select the Domain Group Policy option, and any computers running Essentials components or agents are configured automatically.
Selecting the Group Policy option directs Essentials 2010 to make the following changes to the domain:
An Active Directory security group is created.
The Essentials management server is added to the Active Directory security group.
Two Group Policy objects (GPOs) are created.
One GPO is targeted at all computers in the domain and contains both the Secure Sockets Layer (SSL) and Windows Server Update Services (WSUS) certificates and Windows Firewall exception settings.
The other GPO is specifically targeted at Essentials-managed computers. This GPO is applied to the Active Directory security group created by Essentials 2010 and contains settings related to the Windows Update agent, Agentless Exception Monitoring (AEM), and Remote Assistance.
In addition, selecting the Group Policy option directs Essentials 2010 to make the changes described in the following table.
On the Essentials management server | On managed computers |
---|---|
|
Note When a computer is added to the Active Directory security group, a task is performed automatically that refreshes the computer's group membership. |
Local Policy
If you cannot log on with Domain Administrator or Group Policy Administrator credentials when configuring Essentials 2010, use local policy. If Windows Firewall or another vendor's firewall product is used on computers in your environment, you must create firewall exceptions on the Essentials management server and on managed computers. Also, you must import two certificates on any computer on which you installed a remote Essentials console if they are not also managed by the Essentials management server. For more information, see How to Install System Center Essentials 2010 Console on a Remote Computer.
Selecting the Local Policy option directs Essentials 2010 to make the changes described in the following table.
On the Essentials management server | On managed computers |
---|---|
|
|