Performancing Metrics

AGPM 4.0 to be released in October - Group Policy Team Blog - Site Home - TechNet Blogs

AGPM 4.0 to be released in October

AGPM 4.0 to be released in October

  • Comments 3
  • Likes

As part of the official announcement on the MDOP blog, Advanced Group Policy Management 4.0 (AGPM) will be releasing in October to customers. With this release we had strong feedback on two main areas of improvement and an additional area that improves discoverability and manageability.

1. Multi Forest/Multi Domain Support

We heard strong feedback that customers really needed a clean way to move GPO's from one change controlled environment to another. Currently AGPM 3.0 does not support multi-forest/multi-domain environments and requires customers to use GPMC's import/export capability which essentially breaks the change management workflow. You really dont want to be importing into production in order to get the GPO's into the change management environment. The model we used was very similar to GPMC's method and actually uses the same API's that GPMC uses.

So why didnt we support online GPO (push/pull) moves rather than import/export? The primary scenario for this feature was to support test and production. If you think about those kinds of implementations, these tend to be airgapped or heavily firewalled implementations due to their essentially mirrored nature. So that really drove the requirement that this feature needed to support that topology rather than the other way around.

2. Windows 7/Windows Server 2008 R2 Support

We wanted to ensure that anything we did in AGPM aligned to what customers were likely to deploy this year. We knew the RTM schedule of Windows 7 and the fact that many customers were discussing moving to it sooner than later so we felt it was important to include. We made sure we added support for Windows 7 settings reporting and editing as well as for the server to run on Windows Server 2008 R2.

Word of advise here. Its a better together story. While we do support Vista and Windows Server 2008 with AGPM 4.0, dont mix the platforms. That means if you're going to edit policy with Windows 7, make sure you run Windows Server 2008 R2 on the backend. For a start its unsupported and its unsupported for very good reasons. The documentation will also have this warning in there too.

We also fixed a number of reporting based issues that were present in AGPM 3.0 (if you've noticed them) while we were doing the Windows 7 work. You will notice a much more predictable experience overall.

3. Search and Filtering

I can hear you saying it already..."Really? I can search for settings now?" Answer is No. This change was about enterprise manageability. Often just finding the GPO for editing is a painful experience. Some customers we talk to have upwards of over 1000 GPOs. Two customers have reported to us that they have over 10000 GPOs. Thats a huge amount that I wouldn't wish upon anyone! So the problem is, and even if you have 200 GPO's, how do I quickly find the GPO I need? AGPM now allows you to search for the GPO by partial name match or other metadata like date/time or author or a combination of all of them. We made this very similar to Windows 7 search and its ease of use with a similar filtering experience.

So in the next couple of weeks Ill be taking the time to demo AGPM with a screencast and show you all the new stuff. Or if youre going to be at TechEd Europe, its looking likely that Ill be there to present it live!

Michael Kleef, Program Manager

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Can you dive a bit deeper on "For a start its unsupported and its unsupported for very good reasons."

    Can we have the very good reasons explained, please.

  • Can you expand on the requirement for server 2008 R2 on the backend when editing windows 7 policies?  Is this specific to AGPM, or does it apply in general?  Lastly, when you say the backend, is it just the server hosting AGPM, or should it be all of your dc's?

  • Max - its unsupported as there are operations the client does such as the policy editing operations and there are things the server does such as the reporting. In this situation the client can be editing policies that the server cannot report on correctly such as W7 policy. Additionally there are component version issues with APIs called that are incompatible.

    GrahamH - Specific to AGPM. See my above reference to Max. Its jsut the server hosting AGPM, not all DC's (GP and AGPM dont care about the DC version)