Performing AGPM Administrator Tasks

In Erweiterte Gruppenrichtlinienverwaltung (Advanced Group Policy Management, APGM), an AGPM-Administrator ("Vollzugriff") configures domain-wide options and delegates permissions to Approvers, Editors, Reviewers, and other AGPM-Administratoren. By default, an AGPM-Administrator is an individual with Full Control—all AGPM permissions—and who therefore can perform tasks associated with any role.

In an environment in which multiple people develop Gruppenrichtlinienobjekte (Group Policy Objects, GPOs), you can choose whether all AGPM users perform the same tasks and have the same level of access or whether AGPM-Administratoren delegate permissions to Editors who make changes to GPOs and to Approvers who deploy GPOs to the production environment. AGPM-Administratoren can configure permissions to meet the needs of your organization.

• Configuring Advanced Group Policy Management: Configure the AGPM Server Connection and e-mail notification, delegate access to GPOs in the production environment, and configure logging and tracing for troubleshooting.

• Managing the Archive: Delegate access to GPOs in the archive and limit the number of versions of each GPO stored.

• Managing the AGPM Service: Stop and start the AGPM Service or change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.

• Move the AGPM Server and the Archive: Move the AGPM Service, the archive, or both to a different server.

Also, because the AGPM-Administrator role includes the permissions for all other roles, an AGPM-Administrator can perform the tasks normally associated with any other role.

• Performing Approver Tasks, such as creating, deploying, or deleting GPOs

• Performing Editor Tasks, such as editing, renaming, labeling, or importing GPOs, creating templates, or setting a default template

• Performing Reviewer Tasks, such as reviewing settings and comparing GPOs

Additional considerations

By default, the AGPM-Administrator role has Full Control—all AGPM permissions:

• List Contents

• Read Settings

• Edit Settings

• Create GPO

• Deploy GPO

• Delete GPO

• Modify Options

• Modify Security

• Create Template

The Modify Options and Modify Security permissions are unique to the role of AGPM-Administrator.

-----
Weitere Informationen zu MDOP finden Sie in der TechNet-Bibliothek. Sie können auch im TechNet Wiki nach Problembehandlungen suchen und uns auf Facebook oder Twitter folgen.
-----