gpoadmin quick start guide 58
TRANSCRIPT
-
8/9/2019 GPOADmin Quick Start Guide 58
1/25
Dell GPOADmin 5.8Quick Start Guide
-
8/9/2019 GPOADmin Quick Start Guide 58
2/25
2014 Dell Inc.ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under asoftware license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of theapplicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic ormechanical, including photocopying and recording for any purpose other than the purchasers personal use without the writtenpermission of Dell Inc.
The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel orotherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPTAS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NOLIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTSINCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ORNON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL ORINCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSSOF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THEPOSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness ofthe contents of this document and reserves the right to make changes to specifications and product descriptions at any timewithout notice. Dell does not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Dell Inc.Attn: LEGAL Dept5 Polaris WayAliso Viejo, CA 92656
Refer to our web site (software.dell.com) for regional and international office information.Trademarks
Dell, the Dell logo, GPOADmin, and ChangeAuditor are trademarks of Dell Inc. and/or its affiliates. Microsoft, SQL Server, ActiveDirectory, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming themarks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.
GPOADmin Quick Start GuideUpdated - June 2014Software Version - 5.8
Legend
CAUTION:A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING:A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO:An information icon indicates supporting information.
http://localhost/var/www/apps/conversion/tmp/scratch_7/software.dell.comhttp://localhost/var/www/apps/conversion/tmp/scratch_7/software.dell.com -
8/9/2019 GPOADmin Quick Start Guide 58
3/25
Contents
Dell GPOADmin 5.8
Quiuck Start Guide3
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Product overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Business problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Business solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Dell GPOADmin architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
GPOADmin service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Backup repository (storage method) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
GPOADmin client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
GPO management extension in GPMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
GPOADmin watcher service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Configuring the Watcher Service polling interval . . . . . . . . . . . . . . . . . . . . . . . . . 9
Port requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Minimum permissions required for the service accounts . . . . . . . . . . . . . . . . . . . .10
SQL storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
ADAM/AD LDS storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Network share storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Getting started with Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Downloading Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Licensing Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Installing Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Upgrading GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Configuring the GPOADmin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Updating your license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Setting Permissions on ADAM/AD LDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Editing the Version Control server properties . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Step-by-step walkthrough . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Connect to the Version Control system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Register a GPO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Check out and edit GPOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Third-party contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
-
8/9/2019 GPOADmin Quick Start Guide 58
4/25
Dell GPOADmin 5.8
Quick Start Guide
2
4
Dell GPOADmin Quick Start Guide
About this guide
Product overview
Dell GPOADmin architecture
System requirements
Getting started with Dell GPOADmin
Step-by-step walkthrough
Best practices
-
8/9/2019 GPOADmin Quick Start Guide 58
5/25
Dell GPOADmin 5.8
Quick Start Guide5
About this guideThis document has been prepared to assist you in becoming familiar with Dell GPOADmin . The Quick Start
Guide contains information required to install and use Dell GPOADmin and is intended for network
administrators, consultants, analysts, and any other IT professionals using the product.
Product overview
Business problem
Security issues are becoming paramount within organizations. Within Active Directory, Group Policy Objects
(GPOs) are at the forefront of an organization's ability to roll out functional security. Core aspects such as
password policies, logon hours, software distribution, and other crucial security settings are handled through
GPOs. Organizations need methods to control the settings of these GPOs and to deploy GPOs in a meaningful
and safe manner with confidence. Since GPOs are so important to the proper operating of the Active Directory,
organizations also need methods to restore GPOs when they are either incorrectly updated or corrupt.
WindowsGroup Policy is powerful but difficult to manage. Uncontrolled changes can have disastrous
consequences. For example, unplanned effects of a GPO change could prohibit hundreds of users from logging
on, exclude access to critical software applications, or expose system settings. The Group Policy Management
Console (GPMC) from Microsoft is a useful tool for the individual administrator, but additional functionality
such as GPO check in/check out, change control, and rollbackis needed to effectively manage GPOs across the
enterprise.
Business solution
Dell GPOADmin offers a mechanism to control this highly important component of Active Directory. GPOs,
Scope of Management links, and WMI filters are backed up in a secure, distributed manner and then placedunder version control. When changes are made a backup of the object is made. Changes are then managed from
the Version Control system, and approval for change is required. Dell GPOADmin also offers two methods of
ensuring GPO consistency. The stored object can be retrieved if the current object in the directory is not valid
for any reason. This means that objects become managed and deployed with a sense of security. If issues do
arise, recovery time is reduced between the discovery of an issue and the resolution by restoring to a previous
version of the object. Dell GPOADmin:
Gives AD managers and security officers control of GPO changes, to eliminate system outages andsecurity exposures
Allows administrators to edit and test GPOs offline and have them approved before they areimplemented
Provides a way to quickly roll back changes, in the event that a change has unexpected results
Archives all GPO settings into a reliable, scalable data store
Leverages and complements native Microsofttechnology, including Group Policy Management Console
(GPMC), to strengthen infrastructure investments
Dell GPOADmin architectureDell GPOADmin is a directory-enabled application and all of its application information is stored in the
configuration container of either Active Directoryor Active DirectoryApplication Mode (ADAM/AD LDS) in
-
8/9/2019 GPOADmin Quick Start Guide 58
6/25
Dell GPOADmin 5.8
Quick Start Guide6
Windows2003 environments; in Windows2008 environments, the application information is stored in Active
DirectoryDomain Services (ADDS) or Active DirectoryLightweight Directory Services (AD/LDS).
For all Active Directorydeployments, the application information along with the GPOADmin Version Control
System is stored in the configuration container of Active Directoryin the following location:
CN=QGPM,CN=Quest,CN=Services,CN=Configuration,DC=Domain,DC=com
Where if you drilled down on the GPOADmin container you will find the following directories:
- CN=QGPM
- CN=Wentworth
+ CN=Roles (Custom Roles location)
+ CN=Users (Where users' preferences are stored)
+ CN=VCRoot (The root of the version control container hierarchy)
+ CN=Version Control (Pointers to backups' locations (perhaps also backups themselves if 'Directory' is
selected as the backup storage location) and controlled object history)
+ CN=Scheduled Actions
+ CN=Templates
Since this information is stored in the configuration container of Active Directory, it is replicated to all other
DCs within your forest. However, the Master Version Control is unique and the authoritative source for all
version control actions. The Master Version Control role is normally held by the DC specified during the initial
run of the Server Configuration wizard shortly after the GPOADmin server and service have been installed.
For all ADAM/AD LDS deployments, the application information, along with the GPOADmin Version Control
system, follows the same format as the Active Directorydeployment with the exception that the application
information and Version Control system is stored in the configuration of the ADAM/AD LDS instance. The
-
8/9/2019 GPOADmin Quick Start Guide 58
7/25
Dell GPOADmin 5.8
Quick Start Guide7
information is not replicated to other ADAM/AD LDS servers (unless manually set up) like Active Directory
replicates information with the configuration container.
Figure 1. GPOADmin Architecture
The client/server architecture facilitates granular security and delegation. GPOADmin runs under the securitycontext of a privileged service account that must have full access to GPOs in the managed forest.
Clients can connect to any deployed server within any Active Directoryforest. GPOADmin maintains a most
recently used (MRU) list of servers to which the users have previously connected to facilitate quick subsequent
server connections.
GPOADmin service
The GPOADmin service can be hosted on a shared application server. Its purpose is to communicate with the
Version Control system and implement change requests initiated by the authorized users of the GPOADmin
application. These requests would normally include:
Check out of an object for editing
Check in of an object after editing and request for approval
Approval of the changes
Implementation of the updated object into the production Active Directory
Backup repository (storage method)
You have the option of choosing one of the following for the location of the physical backup copy of the object
versions:
-
8/9/2019 GPOADmin Quick Start Guide 58
8/25
Dell GPOADmin 5.8
Quick Start Guide8
Active Directory(although not recommended for production deployments due to the volume ofreplication data)
Active DirectoryApplication Mode (ADAM) for WindowsServer 2003
Active DirectoryLightweight Directory Services (AD LDS) for WindowsServer 2008
Microsoft
SQL Server 2008, 2008 R2 or 2012
A network share
GPOADmin client
The GPOADmin client application is a MMC Snap-in that can be installed on the workstations of all
administrators responsible for the management of GPOs. Through the client, administrators and users will
connect to the appropriate GPOADmin server to perform the tasks described under GPOADmin service.
GPO management extension in GPMC
The Extended Group Policy Management Console allows users to work within a familiar interface that
incorporates all the benefits of GPOADmin, rather than having them learn a new client interface. When the
Group Policy Management Console is opened, the user will see an extra GPO Management tab that will allow
them to perform GPOADmin actions on Group Policy Objects from within the Group Policy Management Console.
GPOADmin watcher service
The watcher service protects an organization from unauthorized changes by automatically detecting changes to
GPOs made outside of the Version Control system. An optional component of GPOADmin, the watcher service
will automatically version a registered GPO outside of the GPOADmin console and display it as noncompliant
(indicated by an icon change). If the change is valid, an administrator can either incorporate the change into
the version control system or roll back the change to the previous deployed version of the GPO.
The GPOADmin watcher service must be run using credentials with sufficient network permissions.
For example, if you have a GPO checked out and it is flagged as noncompliant by the Watcher Service, this
indicates that the GPO settings in the live environment have changed since you checked out and started working
on that GPO.
NOTE: For the majority of deployments, network share is the recommended approach as it provides a high
performance backup store with a minimum of configuration and maintenance overhead.
NOTE: When you install the GPMC Extension, the installation architecture must match the architecture of
the GPMC. For example, if you choose to install the GPMC extension on a 64-bit Windows2003 Operating
System that is running a 32-bit GPMC, the GPOADmin x86 installer must be used.
A stand-alone GPMC Extension Installer is available in this release of GPOADmin.
NOTE: When you install the watcher service, the installation architecture must match the installation
architecture of the GPOADmin Version Control system. For example, if you use the 32-bit installer for theVersion Control system, you must use the 32-bit installer for the watcher service.
NOTE: The watcher service requires the Replicating directory changes permission on the Default Naming
Context and the Configuration Context for an object and all its descendents.
TIP: It is recommended that only one GPOADmin watcher service is installed per forest. If multiplewatcher services are used, the timing of changes made to GPOs could get out of synch.
TIP: It is recommended that you do not install the Watcher Service on a domain controller.
-
8/9/2019 GPOADmin Quick Start Guide 58
9/25
Dell GPOADmin 5.8
Quick Start Guide9
Once you have selected GPOs for check-in, the Noncompliant Objects Detected dialog box shows you a list of
the non-compliant objects, alerting you of any GPOs that have been modified outside of the version control
system of GPOADmin, and providing you with the following options:
Cancel pending check in for all object(s).
Cancel pending check in for noncompliant object(s) and proceed with check in for compliant object(s).
Accept unauthorized modifications and discard local changes. (Checks in the unauthorized and discardsthe local changes made within GPOADmin.)
Accept local changes and discard unauthorized modifications. (Checks in only the local changes made
within GPOADmin.)
Configuring the Watcher Service polling interval
The default polling interval is 10000 milliseconds (10 seconds). If desired, you can alter this to meet your needs.
To adj ust t he Wat cher Service pol l i ng interval
1 Create a DWORD value named Interval under the following registry key:
HKLM\SOFTWARE\Quest Software\Quest Group Policy Manager\WatcherConfig
2 Select Decimalas the Base when editing the value.
3 Enter the desired value under Value data. Note: The value is in milliseconds where there is 1000
milliseconds to a second.
Port requirements
The following ports must be open for the application to function correctly:
Name resolution can be achieved using DNS on port 53 or WINS (downlevel) on port 137.
Between the client and the GPOADmin Server:
Inbound: Port 40200 (default)
Outbound: all TCP ports
From the GPOADmin Server:
Configuration storage
LDAP Service - TCP/UDP - 389 -or- ADAM/AD LDS port (defaults to 389 or 50000)
GPO Archives
If you are using a network share for GPO backup storage, you may require open ports on 135, 136, 138,139, and/or 445.
NOTE: If the GPOs were in an Available state (not Checked out) and flagged as noncompliant, you would
not get this dialog box; you would see the regular compliance actions Incorporate Live or Rollback.
CAUTION: It is recommended to conduct a thorough threat analysis before opening these services toan untrusted network.
NOTE: To run the Version Control server on a custom port, you must set the following registry value:
Key: HKLM/Software/Quest Software/Quest Group Policy Manager/Remoting
Value Name: Port
Value Type: DWordValid Values: 1-65536
If this value is not set, the default (port 40200) will be used.
-
8/9/2019 GPOADmin Quick Start Guide 58
10/25
Dell GPOADmin 5.8
Quick Start Guide10
If you are using SQL Server for GPO backup storage, the appropriate ports will need to be open. SQLServers default port is 1433 or 1533 if the "hide server" option is enabled.
If you are using Named Pipes with SQL, arbitrary ports may be required. SQL Named Pipes is not arecommended configuration through firewalls.
If you are using ADAM/AD LDS for GPO backup storage or configuration data, ADAM/AD LDS will default toport 389 if not coexisting with AD. If AD is already installed, ADAM/AD LDS will default to port 50000.
Minimum permissions required for the service
accounts
To set up minimum per missions for t he servi ce account s
1 Create a service account and add it as a member of the Local Administrators group where the GPOADmin
service is installed.
2 Grant this account Log on as a Serviceon the computer where GPOADmin is installed.
3 Using ADSIEdit.msc, locate the Services container located below the Configuration Naming Context ofthe directory service used as your Configuration Store (Active Directoryor ADAM / AD LDS), and ensure
that it contains a Quest container. If necessary, create one.
4 Grant the service account access to the "Quest" container you created in step 3. Click the Objecttab and
apply the permissions to This object and all child objects (in WindowsServer 2003) or to This object
and all descendant objects(in WindowsServer 2008). Delegate the following permissions in theAdvanced Security Settings: List Contents, Read all Properties, Write all Properties, Delete Subtree,Read Permissions, Modify Permissions, All Validated Writes, Create All Child Objects, and Delete All
Child Objects.
5 Grant the service account Read and Write access to its host's computer or DC object in Active Directory
so that the service can update Service Connection Points.
6 Apply the following permissions to ensure the service account can create and edit WMI Filters:
Using ADSIEDIT.msc, expand the Default Naming Context partition, open
CN=SOM,CN=WMIPolicy,CN=System,DC=domain,DC=com and delegate the same permissions as in step 4.
Using GPMC, select the WMI Filterscontainer and on the Delegationtab, assign Creator Ownerrights tothe service account.
Next, grant the service account Full Controlon each WMI Filter that will be managed by GPOADmin.
7 Using GPMC, delegate Link GPOsto the service account on the Site and Domain level (or even on the OUlevel depending on where GPOADmin is required to manage GPOs), for This container and all child
containers, if child containers are needed.
8 For the service account to run RSoP reports, the Read Group Policy Results data right must be granted.Using GPMC, delegate Read Group Policy Results Datato the service account on the Domain level (oreven on the OU level, depending on where GPOADmin is required to perform the RSoP analysis), for Thiscontainer and all child containers, if child containers are needed.
For each computer that will be targeted during the RSoP analysis, add the service account to that
computers local Administrators group.
9 Using GPMC, delegate Create GPOsto the service account on the Group Policy Objects Level.
10 Using GPMC, delegate Edit settings,Delete, andModify securityto the service account for each existingGPO that will be managed by GPOADmin using GPMC.
11 For each GPO managed by GPOADmin, verify that the service account has ownership of the GPO on the
Ownertab of the Advanced Security Settings dialog box.
NOTE: ADSIEDit.msc is available from the WindowsSupport Tools.
-
8/9/2019 GPOADmin Quick Start Guide 58
11/25
Dell GPOADmin 5.8
Quick Start Guide11
12 Repeat steps 5 to 9 for every domain that will require GPOADmin to manage its GPOs.
13 Install GPOADmin using the service account.
For more information about the installation, see Installing Dell GPOADminon page 13.
14 Connect to GPOADmin as an Enterprise Admin or the service account.
Only these accounts are granted access to change the configuration during the install of GPOADmin.
15 Step through the Server Configuration Wizard.
You can add GPOADmin trustees to connect to the system or change server properties.
For more information about the configuration, see Configuring the GPOADmin Serveron page 15.
16 Delegate roles over GPO containers.
17 Connect to GPOADmin as any account granted rights to connect during the Server configuration setup.
SQL storage methodUsing SQL as the backup repository (storage method), the service account will need the following minimum
requirements:
Database Creators rights in order to create the GPOADmin_Backups Database during the ServerConfiguration Wizard setup.
ADAM/AD LDS storage method
Using ADAM/AD LDS as the backup repository (storage method) the service account will need the following
minimum requirements:
Member of the Administrator Role in the ADAM/AD LDS instance.
If using the command line tool or the GUI (ldp.exe), the service account will require the same
permissions in ADAM/AD LDS that it would require in Active Directory.
For more information, see Setting Permissions on ADAM/AD LDSon page 16.
Network share storage method
Using Network Share as the backup repository (storage method) the service account will need the following
minimum requirements:
At the Share level, Change & Read permissions.
NOTE: The Watcher Service requires that the service account created in step 1 has the Replicating
directory changes permission on the Default Naming Context (DC=domain, DC=com) and the
Configuration Context (CN=Configuration, DC=domain, DC=com) for this object and all descendents.
NOTE: Database Creators right is only required for the initial creation of the GPOADmin_Backupsdatabase. If the database has been pre-created (see Configuring the GPOADmin Serveron page 15) by your
DB Administrators team then only the following database roles and permissions are required by the
GPOADmin service account to access and update the Database:
db_datareader, db_datawriter: Permissions to Execute the following GPOADmin stored procedures:
quest_qgpm_add_group_to_role
quest_qgpm_domainid_pr
quest_qgpm_gpoid_pr
quest_qgpm_insbackup_p
-
8/9/2019 GPOADmin Quick Start Guide 58
12/25
Dell GPOADmin 5.8
Quick Start Guide12
At the Directory level, all permissions except Change Permissions" and "Take Ownership.
System requirements
Before installing GPOADmin 5.8, ensure that your system meets the following hardware and softwarerequirements.
GPOADmin requirements
.NET Framework 4.0
GPMC Extension compatible for the system where you are installing GPOADmin.
MicrosoftGroup Policy Management Console with Service Pack 1 or Remote Server Administration Tools
Configuration store requirements
Active Directoryor ADAM/AD LDS
Backup store requirements
Network Share (recommended)
Active Directory(not recommended)
ADAM/AD LDS
SQL Server
Table 1. Hardware requirements
Requirement Details
Processor 2Ghz CPU
Memory 4Gb RAM
Hard disk space 1 Gb (prefer 50Gb if backups and reports stored on the same drive) hard disk space
Operating systems Windows Vista
Windows7
Windows8
Window8.1
WindowsServer 2003
Windows Server 2003 R2
WindowsServer 2008
WindowsServer 2008 R2
WindowsServer 2012
Windows
Server 2012 R2
-
8/9/2019 GPOADmin Quick Start Guide 58
13/25
Dell GPOADmin 5.8
Quick Start Guide13
Watcher service
Same system requirements as GPOADmin.
Getting started with Dell GPOADmin
Downloading Dell GPOADmin
To downloa d Dell GPOADmin
1 Go to the Dell web site at http://www.quest.com/gpoadmin
2 Follow the instructions provided for product downloads.
Licensing Dell GPOADminBefore you can connect to the Version Control system, you must license Dell GPOADmin. Ensure that you have
the activation key before you begin an installation or upgrade. Copy the license file to the desktop of the
computer where Dell GPOADmin is installed, or to another convenient location. You will be prompted for this
license key the first time you run the Server Configuration wizard, or the first time you attempt to connect to
the Version Control Server. For information on licensing the product at a later date, see Updating your license
on page 15.
The following types of licenses are available for Dell GPOADmin:
Ongoing license: This grants you full use of Dell GPOADmin.
Term license: This grants you full use of Dell GPOADmin from a specified start date to a specific end
date.
Demo license: This grants you full use of Dell GPOADmin for a specified period of time.
Installing Dell GPOADmin
Prerequis i t es for t he Quick St ar t Inst a l l
The quick start install will place all of the roles of GPOADmin on one computer. Ensure that the computer meets
the system requirements mentioned above. To prepare for the install, you must perform the following steps:
1 Create a service account for GPOADmin in the root of the domain.
2 Add the service account to the local administrators group on the console computer.
3 Log in to the console as the service account.
4 Ensure that .NET Framework 4.0 and any associated fixes are installed.
5 Ensure that ADAM (Windows2003) or AD LDS (Windows2008) are installed.
6 Ensure that MicrosoftGroup Policy Management Console with Service Pack 1 or Remote Server
Administration Tools are installed.
7 Create a folder for the backup storage destination and share it on the network.
Ensure that the service account has full access to both the share and NTFS permissions.
NOTE: The service account created for GPOADmin should be the account used for ADAM or AD LDS.
http://www.quest.com/gpoadminhttp://www.quest.com/gpoadmin -
8/9/2019 GPOADmin Quick Start Guide 58
14/25
Dell GPOADmin 5.8
Quick Start Guide14
To inst al l Dell GPOADmin
1 Dell GPOADmin can be installed on x86 or x64 systems. Installers for each type of system can be found in
the install folder.
2 Run the autorun.exe,select Install.
3 Select either Dell GPOADmin x86or Dell GPOADmin x64, and click Install.
4 In the Welcome screen, click Next.
5 Read the licensing information, select I accept the terms in the License Agreement check box, and
click Next.
6 In the Choose Setup Type dialog box, select the Complete installation.
The Mobile IT Plugin is included in a complete installation if a Mobile IT agent is detected during the
process.
Mobile IT provides administrative access and alerts on mobile platforms. For more information, see
http://quest.com/mobile-it/.
To use this option, Mobile IT agent's service account must also have access to Version Control. For
details, see Selecting Security, Levels of Approval, and Notification Options in the GPOADMin User Guide.
7 In the Destination Folder dialog box, accept the default location or enter a new location to install
GPOADmin and click Next.
8 In the Service Credentials dialog box, enter the service account name and password that you created
earlier for use by the GPOADmin Service and click Next.
9 Click Install.
10 After the software has been installed and the Completed dialog box is displayed, click Finish.
Upgrading GPOADmin
To upgr ade GPOADmi n
1 Run the autorun.exe,select Install.
2 Select either Dell GPOADmin x86or Dell GPOADmin x64, and click Install. Complete the InstallationWizard.
NOTE: When you install the GPMC Extension, the installation architecture must match the architecture of
the GPMC. For example, if you choose to install the GPMC extension on a 64-bit Windows2003 Operating
System that is running a 32-bit GPMC, the GPOADmin x86 installer must be used.
NOTE: When you upgrade a GPOADmin service, you need to upgrade any GPOADmin client, watcherservice, or GPMC extension that reference that service.
NOTE: If multiple GPOADmin services share the same configuration store or backup store, they must all beupgraded to the same version.
NOTE: The logging and SMTP settings will be lost during an upgrade and need to be re-entered. Please see
the Release Notes for more information on these issues.
NOTE: If you have multiple servers to upgrade, the process must be done manually on each of the host
computers.
NOTE: If multiple GPOADmin services share the same configuration store or backup store, it is
recommended that all of the services, including the watcher, be stopped before upgrading.
NOTE: During an upgrade, the previous version will be uninstalled and the new version installed. Settingsare retained except for the ones noted above.
http://quest.com/mobile-ithttp://quest.com/mobile-it -
8/9/2019 GPOADmin Quick Start Guide 58
15/25
Dell GPOADmin 5.8
Quick Start Guide15
Configuring the GPOADmin Server
The Version Control server must be configured before users can connect to the Version Control system.
To confi gure t he GPOADmin Serv er
1 Run AllPrograms | Dell Software | Dell GPOADmin from the WindowsStart Menu.
2 In the Dell GPOADmin Console, right-click the Dell GPOADminnode and select Connect To.
3 In the Connect to Server dialog box, leave as localhost and click Connect.
4 Enter a User name and Password. To save the credentials, select the Remember my passwordcheck box
and click OK.
5 In the Select a Configuration Store dialog box, select Active Directoryor ADAM/AD LDSfor your
configuration storage location. If you select Active Directory, select the domain controller (DC) to be
the Version Control server, and click Next.
If you select ADAM/AD LDS, enter the NetBIOS name of the computer you are installing to followed bythe port number, in the format: ser ver _ name: por t , and click Next.
For example, gpoadmin_svr:389.
6 In the Select Storage Options dialog box, the Network Share is pre-selected (this is the best practise for
backup storage). Select the backup storage destination that was created in the prerequisites procedure
(Prerequisites for the Quick Start Install on page 13) and click Next.
7 In the Configure Server Access dialog box, add the accounts that will be Administrators and Users.
To add an Administrator, select the icon with the Plus sign (the icon with the arrowhead will expand or
collapse the list). After the account is selected, it will appear in the Administrators list. The account can
be removed by selecting the red X icon.
By default the Enterprise Admins and the Service Account are added to the trustees permitted to
connect to the system and change server properties. We recommend that you create a Global Group for
GPOADmin Admins ( -GPOADmin Admins), add it, and click Next.
8 In the Configure Server Access dialog box, after you have added all the accounts, click Finishto committhe changes.
Updating your licenseIf you want to upgrade your license (for example from a demo license) or you want to change your license for
any reason, you can access the license information through the server properties.
To updat e t he Dell GPOADmin l icense t hrough t he Server Prop ert ies
1 Select the Dell GPOADminnode, right-click and select Connect To,and connect to the console.
2 Select the forest node, right-click and select Properties.
3 Click the Licensetab to view the current license information.
4 Select the Update License option, browse to the new license location, and click OK.
NOTE: To run the Server Configuration Wizard, you must logon with an account that is a member of theEnterprise Administrators group or the GPOADmin Service Account.
TIP: The recommended best practice is to use ADAM/AD LDS.
NOTE: To create the GPOADmin_Backups database during the Server Configuration Wizard setup, the
Service account must have Database Creator role for the specific SQL Server.
NOTE: If your license expires, you will be prompted to update it the next time you attempt to connect tothe service.
-
8/9/2019 GPOADmin Quick Start Guide 58
16/25
Dell GPOADmin 5.8
Quick Start Guide16
5 When you have made all the required selections, click OK.
Setting Permissions on ADAM/AD LDS
To use GPOADmin with an ADAM/AD LDS deployment, users must be assigned the Administrator role.
To set p ermi ssio ns on ADAM/AD LDS
1 Open ADAM/AD LDS ADSI-Edit (ADSI-Edit is installed as part of the ADAM/AD LDS tools).
2 In the Select a well known Naming Context, select Configuration, then enter the console and portnumber in the Computer box, and click OK.
For example, GPOconsole:389.
3 Double-click Configurationto expand the configuration and browse to and select the Rolescontainer.
4 To grant the users rights, right-click the Administratorsrole, and select Properties.
5 Browse to the member attribute and click Edit.
6 Add the service account and other accounts that will be administering GPOADmin to the selected role.
Editing the Version Control server properties
Users that are logged on with an account that is a member of the GPOADmin administrators group can edit the
properties of the Version Control server when required. These properties include the directory server, where
the GPO backups are stored, roles used to define security within the system, SMTP settings and the access to
edit these settings, logging, mandatory comments, and license options.
To edi t t he Version Contr o l server conf i gurat ion
1 Right-click the forest and select Properties and select the required server options.
2 Select the Accesstab to add and remove users who can connect to and alter the server options. Fromhere you can also add and remove users who can simply connect to the Version Control server.
3 Select the Storagetab to change the required storage options (Active Directory, ADAM, Network Share,or SQL Server).
4 Select the Rolestab to create and edit roles that will be used to delegate rights over the Version Controlsystem. The built in roles are displayed. You can easily see the permissions contained within each by
selecting the role and clicking the View Role button. You cannot alter predefined roles. For complete
information on creating and delegating roles refer to the GPOADmin User Guide.
5 Select theSMTPtab to change the global SMTP notification options.
6 Click the Loggingtab and select the log location and the type of information you want to track.
7 You can choose to log to the Event Log, to a specific directory where log files will be created, or not at
all.
8 You can also select which (if any) types of events to log. The types of events are as follows: Service
Actions (such as service startup and shutdown), User Actions (such as check in, approve, edit), Errors,
and Debug Information (used by Dell support personnel).
NOTE: If your license expires, you will be prompted for the ASC file when you try to connect to theVersion Control System.
NOTE: If required, you can use the ADAM/AD LDS support tool dsacls to fine-tune the rights given by these
roles or to grant specific rights to users.
NOTE: You can alter the email address for your notification email through your personal settings, orthrough the Notification Manager. For more information see the GPOADmin User Guide.
-
8/9/2019 GPOADmin Quick Start Guide 58
17/25
Dell GPOADmin 5.8
Quick Start Guide17
9 If you want to make comments on actions mandatory, click the Optionstab, select the Commentscheckbox, and set a minimum comment length greater than 0. Leaving the value at 0 means comments are
optional for all actions. Any value greater than zero makes comments mandatory for all actions and all
users.
10 In the Options tab there is also a check box that allows you to disable all workflow options for Group
Policy Objects. With this setting invoked, users are restricted from creating and registering workflow
enabled Group Policy Objects, as well as being restricted from enabling workflow for workflow disabledGroup Policy Objects.
11 Click the Licensetab to view the current license information. Select the Update Licenseoption, browseto the new license location and click OK.
12 When you have made all the required selections, click OK.
Step-by-step walkthroughThis step-by-step walkthrough takes you through a Dell GPOADmin scenario that includes the following:
Connect to the Version Control system
Register an object
Check out and edit an object
Check in the object and request approval
Connect to the Version Control system
Because the application has been fully configured by the administrator, users connect to the Version Control
system in the following manner:
To connect t o t he Version Cont rol syst em
1 Right-click the Dell GPOADminnode and select Connect To.
2 Click New to create a new connection and enter the server name.
3 Select the Version Control server that you want to connect to and click Connect.
4 Enter a User name and Password. To save the credentials, select the Remember my passwordcheck boxand click OK.
For more information about saving connections, see Persisting Connections in the GPOADmin User Guide.
Register a GPO
Initially all GPOs are unregistered. To add GPOs to the Version Control system, they must be registered.
NOTE: Dell GPOADmin provides roles that enable users to perform actions within the Version Controlsystem. The following scenario is created on the assumption that the administrator has already delegated
the User and Moderator roles to the required users.
To view the roles applied to a specific container, right-click it, select Properties, and click the Security
tab.
For complete information on how to create and delegate roles, see Configuring Role-based Delegation
in the Dell GPOADmin User Guide or Online Help.
NOTE: When GPOs are registered they maintain their GPO status (User and Computer settings enabled ordisabled), links, security, and WMI filters.
-
8/9/2019 GPOADmin Quick Start Guide 58
18/25
Dell GPOADmin 5.8
Quick Start Guide18
To regist er a GPO
1 Expand Dell GPOADmin, the forest, Live Environment, and the Domain Controller. Select the GroupPolicy Objects, right-click a GPO in the right-hand pane, and select Register.
2 Select the container where you want to place the registered object and click OK.
Once objects have been registered, they are located in the selected container under the Version Control
Root with their initial version number set to 1.0. They are now available to be checked out and edited.
If you are migrating from an existing Version Control system, you can set the major version number to
any number greater than 1.0 in the Initial major version list.
Check out and edit GPOs
Before users can edit registered GPOs, the GPOs must be checked out.
The workflow is as follows:
Check out the GPO from the system,
make the required edits, and
check in the changes to the system.
Version information is updated in the systems history when the GPO is checked back in. Only one person within
the system can check out and work on any GPO at a given time.
Checking out a GPO for the first time creates a copy of the original GPO. The copy is an exact duplicate of theoriginal GPO until it passes through the approval process.
To check out a GPO
1 Expand the Version Control Rootand select the available GPO.
2 Right-click a GPO and select Check Out.
3 Enter a comment and click OK.
Once you have a GPO checked out, you can edit the settings from the Group Policy Management Editor as
well as edit the Security and WMI Filter settings. When you check out a GPO, the changes are made to a
copy of the live GPO. Those changes do not affect the GPO settings on the network until the changes are
checked in and deployed.
To edit a GPO
1 Right-click a checked out GPO and select Edit.
2 Click Launch Editorand make the required changes.
3 If required, select the Securitytab and click Add or Remove to modify the current security filter. Enteror search for the required user, computer, or group, and click OK.
4 Click theAdvancedbutton to select advanced permissions.
5 To add or remove a WMI filter, select the WMI Filtertab and choose a filter from the list of available WMIfilters. ClickOK.
You now have the option to check in the GPO to be stored for later use or check in and request approval
of the changes.
TIP: The information in this section applies to workflow-enabled GPOs only. For more information onworkflow enabling/disabling, see the Dell GPOADmin User Guide or Online Help.
NOTE: The changes are only applied to the live environment after they are approved and deployed.
NOTE: If you have all required rights, you can approve a GPO from the checked out state and thenecessary workflow steps happen automatically.
-
8/9/2019 GPOADmin Quick Start Guide 58
19/25
Dell GPOADmin 5.8
Quick Start Guide19
To check in and request app rov al
1 Expand the Version Control Rootnode and select the checked out GPO.
2 Right-click and select Check In.
3 Enter a comment and click OK.
4 Right-click the GPO and select Request Approval.5 Enter a comment and click OK.
The GPO status will be Pending Approval until the changes are approved or rejected by a user with the
appropriate permissions. When the GPO has been approved it is ready to be deployed into the live
environment.
Best practicesThe following best practices exist within Dell GPOADmin:
Deploying Cloaked GPOs
Before you deploy a GPO, ensure that it is not cloaked. If you deploy a cloaked GPO, and then later
deploy it uncloaked, it will be flagged as non-compliant.
Forest Configuration
It is recommended that users who are members of the Enterprise Administrators group configure the
forest for version control.
Client Installation
Users should be a local administrator on the computer where the client is installed.
Remote Forest Management
Although remote forest version control management options are available, it is recommended to manage
a forest logged in as a user from the same forest to eliminate any additional trust and security-related
considerations.
Storage Repository Placement
If using ADAM/AD LDS or SQL as storage options it is recommended that they are located in the same
forest that is being managed to eliminate any additional trust and security-related considerations. It is
recommended that ADAM/AD LDS is used as the configuration store, and a network share as the backup
store.
Register/Unregister Actions
It is recommended that users who are members of the Enterprise Administrators group perform the
register and unregister actions on GPOs within the Version Control system.
Naming Conventions
When creating GPOs within the Version Control system, it is possible to enter names that have alreadybeen used. However, it is highly recommended to use unique names.
Action Comments
Use descriptive comments to help others easily identify the reasons for performing actions within the
Version Control system.
Deploying Changes
Ensure each object has the desired settings before approving and deploying any pending modification
actions. Once the modification has been approved and deployed, the changes will be applied to the live
object.
GPO Settings - Versions
-
8/9/2019 GPOADmin Quick Start Guide 58
20/25
Dell GPOADmin 5.8
Quick Start Guide20
When running in a mixed mode environment, newer GPO settings are not backwards compatible with
older versions of GPMC. For example:
Preferences introduced in WindowsServer 2008 are not backwards compatible.
If you backup a GPO on WindowsServer 2008 and then attempt to import that backup into a GPO on
WindowsServer 2003, GPMC will indicate that there is a version mismatch and not allow the import.
Resultant Set of Policies Reports
When running the Group Policy Results or Group Policy Results Difference reports against Windows
Server 2008 R2 or Windows7, the Dell GPOADmin Service should be running on an operating system that
has the ability to read all policy settings.
Watcher Service
It is recommended that only one GPOADmin Watcher Service be installed per configuration store.
It is recommended that you not install the Watcher Service on a domain controller.
-
8/9/2019 GPOADmin Quick Start Guide 58
21/25
Dell GPOADmin 5.8
Quick Start Guide21
About Dell
Dell listens to customers and delivers worldwide innovative technology, business solutions and services they
trust and value. For more information, visit www.software.dell.com.
Contacting DellTechnical support:Online support
Product questions and sales:(800) 306-9329
Email:
Technical support resourcesTechnical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions. To access the Support Portal, go to
https://support.software.dell.com/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. In addition, the portal provides direct access to product support engineers through anonline Service Request system.
The site enables you to:
Create, update, and manage Service Requests (cases)
View Knowledge Base articles
Obtain product notifications
Download software. For trial software, go to Trial Downloads.
View how-to videos
Engage in community discussions
Chat with a support engineer
Third-party contributionsThis product contains the third-party components listed below. For third-party license information, go to
http://software.dell.com/legal/license-agreements.aspx. Source code for components marked with an asterisk
(*) is available at http://opensource.dell.com.
http://software.dell.com/https://support.software.dell.com/mailto:[email protected]://support.software.dell.com/http://software.dell.com/trials/http://software.dell.com/legal/license-agreements.aspxhttp://opensource.dell.com/http://software.dell.com/http://opensource.dell.com/http://software.dell.com/legal/license-agreements.aspxhttp://software.dell.com/trials/https://support.software.dell.com/mailto:[email protected]://support.software.dell.com/ -
8/9/2019 GPOADmin Quick Start Guide 58
22/25
Dell GPOADmin 5.8
Quick Start Guide22
Table 2. List of third-party contributions
Component License or acknowledgement
Apache License
Version 2.0, January
2004
http://www.apache.or
g/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distributionas defined by Sections 1 through 9 of this document. "Licensor" shall mean the
copyright owner or entity authorized by the copyright owner that is granting the
License.
"Legal Entity" shall mean the union of the acting entity and all other entities that
control, are controlled by, or are under common control with that entity. For the
purposes of this definition, "control" means (i) the power, direct or indirect, to cause
the direction or management of such entity, whether by contract or otherwise, or (ii)
ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions
granted by this License.
"Source" form shall mean the preferred form for making modifications, including but
not limited to software source code, documentation source, and configuration files."Object" form shall mean any form resulting from mechanical transformation or
translation of a Source form, including but not limited to compiled object code,
generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made
available under the License, as indicated by a copyright notice that is included in or
attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is
based on (or derived from) the Work and for which the editorial revisions,
annotations, elaborations, or other modifications represent, as a whole, an original
work of authorship. For the purposes of this License, Derivative Works shall not
include works that remain separable from, or merely link (or bind by name) to the
interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the
Work and any modifications or additions to that Work or Derivative Works thereof,
that is intentionally submitted to Licensor for inclusion in the Work by the copyright
owner or by an individual or Legal Entity authorized to submit on behalf of the
copyright owner. For the purposes of this definition, "submitted" means any form of
electronic, verbal, or written communication sent to the Licensor or its
representatives, including but not limited to communication on electronic mailing
lists, source code control systems, and issue tracking systems that are managed by, or
on behalf of, the Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of
whom a Contribution has been received by Licensor and subsequently incorporated
within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License,
each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-
charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative
Works of, publicly display, publicly perform, sublicense, and distribute the Work and
such Derivative Works in Source or Object form.
-
8/9/2019 GPOADmin Quick Start Guide 58
23/25
Dell GPOADmin 5.8
Quick Start Guide23
Apache License
(continued)
3. Grant of Patent License. Subject to the terms and conditions of this License, each
Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable (except as stated in this section) patent license to make,
have made, use, offer to sell, sell, import, and otherwise transfer the Work, where
such license applies only to those patent claims licensable by such Contributor that
are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a cross-claim or counterclaim
in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate as of the date such
litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative
Works thereof in any medium, with or without modifications, and in Source or Object
form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this
License; and
(b) You must cause any modified files to carry prominent notices stating that You
changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all
copyright, patent, trademark, and attribution notices from the Source form of the
Work, excluding those notices that do not pertain to any part of the Derivative Works;
and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any
Derivative Works that You distribute must include a readable copy of the attribution
notices contained within such NOTICE file, excluding those notices that do not pertain
to any part of the Derivative Works, in at least one of the following places: within a
NOTICE text file distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normallyappear. The contents of the NOTICE file are for informational purposes only and do
not modify the License. You may add Your own attribution notices within Derivative
Works that You distribute, alongside or as an addendum to the NOTICE text from the
Work, provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or
distribution of Your modifications, or for any such Derivative Works as a whole,
provided Your use, reproduction, and distribution of the Work otherwise complies
with the conditions stated in this License.
Table 2. List of third-party contributions
Component License or acknowledgement
-
8/9/2019 GPOADmin Quick Start Guide 58
24/25
Dell GPOADmin 5.8
Quick Start Guide24
Apache License
(continued)
5. Submission of Contributions. Unless You explicitly state otherwise, any
Contribution intentionally submitted for inclusion in the Work by You to the Licensor
shall be under the terms and conditions of this License, without any additional terms
or conditions. Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed with Licensor
regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names,
trademarks, service marks, or product names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and reproducing
the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
Licensor provides the Work (and each Contributor provides its Contributions) on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions of TITLE, NON-
INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
solely responsible for determining the appropriateness of using or redistributing the
Work and assume any risks associated with Your exercise of permissions under this
License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort
(including negligence), contract, or otherwise, unless required by applicable law
(such as deliberate and grossly negligent acts) or agreed to in writing, shall any
Contributor be liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a result of this
License or out of the use or inability to use the Work (including but not limited to
damages for loss of goodwill, work stoppage, computer failure or malfunction, or any
and all other commercial damages or losses), even if such Contributor has been
advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or
Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance
of support, warranty, indemnity, or other liability obligations and/or rights consistent
with this License. However, in accepting such obligations, You may act only on Your
own behalf and on Your sole responsibility, not on behalf of any other Contributor, and
only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
NOTICE file corresponding to the section 4 (d) of the Apache License,
** Version 2.0, in this case for the Apache log4net distribution.
**
This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
Please read the LICENSE files present in the root directory of this
distribution.
The names "log4net" and "Apache Software Foundation" must not be used to
endorse or promote products derived from this software without prior
written permission. For written permission, please contact
Table 2. List of third-party contributions
Component License or acknowledgement
-
8/9/2019 GPOADmin Quick Start Guide 58
25/25
Dell GPOADmin 5.8
Quick Start Guide25
SharpZipLib 0.85.1.271 SharpZipLib License
License
The library is released under the GPL with the following exception:
Linking this library statically or dynamically with other modules is making a combinedwork based on this library. Thus, the terms and conditions of the GNU General Public
License cover the whole combination.
As a special exception, the copyright holders of this library give you permission to link
this library with independent modules to produce an executable, regardless of the
license terms of these independent modules, and to copy and distribute the resulting
executable under terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that module. An
independent module is a module which is not derived from or based on this library. If
you modify this library, you may extend this exception to your version of the library,
but you are not obligated to do so. If you do not wish to do so, delete this exception
statement from your version.
Note The exception is changed to reflect the latest GNU Classpath exception. Older
versions of #ziplib did have another exception, but the new one is clearer and itdoesn't break compatibility with the old one.
Bottom line In plain English this means you can use this library in commercial closed-
source applications.
Windows Installer XML
toolset (aka WIX)
3.8.1128.0
Microsoft Reciprocal License (MS-RL)
Table 2. List of third-party contributions
Component License or acknowledgement