gpoadmin quick start guide 58

8/9/2019 GPOADmin Quick Start Guide 58

1/25

Dell GPOADmin 5.8Quick Start Guide


2/25

2014 Dell Inc.ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under asoftware license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of theapplicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic ormechanical, including photocopying and recording for any purpose other than the purchasers personal use without the writtenpermission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel orotherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPTAS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NOLIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTSINCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ORNON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL ORINCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSSOF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THEPOSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness ofthe contents of this document and reserves the right to make changes to specifications and product descriptions at any timewithout notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.Attn: LEGAL Dept5 Polaris WayAliso Viejo, CA 92656

Refer to our web site (software.dell.com) for regional and international office information.Trademarks

Dell, the Dell logo, GPOADmin, and ChangeAuditor are trademarks of Dell Inc. and/or its affiliates. Microsoft, SQL Server, ActiveDirectory, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/orother countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming themarks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

GPOADmin Quick Start GuideUpdated - June 2014Software Version - 5.8

Legend

CAUTION:A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING:A WARNING icon indicates a potential for property damage, personal injury, or death.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO:An information icon indicates supporting information.
http://localhost/var/www/apps/conversion/tmp/scratch_7/software.dell.comhttp://localhost/var/www/apps/conversion/tmp/scratch_7/software.dell.com


3/25

Contents

Dell GPOADmin 5.8

Quiuck Start Guide3

About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Product overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Business problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Business solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Dell GPOADmin architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

GPOADmin service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Backup repository (storage method) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

GPOADmin client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

GPO management extension in GPMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

GPOADmin watcher service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Configuring the Watcher Service polling interval . . . . . . . . . . . . . . . . . . . . . . . . . 9

Port requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Minimum permissions required for the service accounts . . . . . . . . . . . . . . . . . . . .10

SQL storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

ADAM/AD LDS storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Network share storage method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Getting started with Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Downloading Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Licensing Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Installing Dell GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Upgrading GPOADmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Configuring the GPOADmin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Updating your license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Setting Permissions on ADAM/AD LDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Editing the Version Control server properties . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Step-by-step walkthrough . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Connect to the Version Control system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Register a GPO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Check out and edit GPOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Third-party contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21


4/25

Dell GPOADmin 5.8

Quick Start Guide

2

4

Dell GPOADmin Quick Start Guide

About this guide

Product overview

Dell GPOADmin architecture

System requirements

Getting started with Dell GPOADmin

Step-by-step walkthrough

Best practices


5/25

Dell GPOADmin 5.8

Quick Start Guide5

About this guideThis document has been prepared to assist you in becoming familiar with Dell GPOADmin . The Quick Start

Guide contains information required to install and use Dell GPOADmin and is intended for network

administrators, consultants, analysts, and any other IT professionals using the product.

Product overview

Business problem

Security issues are becoming paramount within organizations. Within Active Directory, Group Policy Objects

(GPOs) are at the forefront of an organization's ability to roll out functional security. Core aspects such as

password policies, logon hours, software distribution, and other crucial security settings are handled through

GPOs. Organizations need methods to control the settings of these GPOs and to deploy GPOs in a meaningful

and safe manner with confidence. Since GPOs are so important to the proper operating of the Active Directory,

organizations also need methods to restore GPOs when they are either incorrectly updated or corrupt.

WindowsGroup Policy is powerful but difficult to manage. Uncontrolled changes can have disastrous

consequences. For example, unplanned effects of a GPO change could prohibit hundreds of users from logging

on, exclude access to critical software applications, or expose system settings. The Group Policy Management

Console (GPMC) from Microsoft is a useful tool for the individual administrator, but additional functionality

such as GPO check in/check out, change control, and rollbackis needed to effectively manage GPOs across the

enterprise.

Business solution

Dell GPOADmin offers a mechanism to control this highly important component of Active Directory. GPOs,

Scope of Management links, and WMI filters are backed up in a secure, distributed manner and then placedunder version control. When changes are made a backup of the object is made. Changes are then managed from

the Version Control system, and approval for change is required. Dell GPOADmin also offers two methods of

ensuring GPO consistency. The stored object can be retrieved if the current object in the directory is not valid

for any reason. This means that objects become managed and deployed with a sense of security. If issues do

arise, recovery time is reduced between the discovery of an issue and the resolution by restoring to a previous

version of the object. Dell GPOADmin:

Gives AD managers and security officers control of GPO changes, to eliminate system outages andsecurity exposures

Allows administrators to edit and test GPOs offline and have them approved before they areimplemented

Provides a way to quickly roll back changes, in the event that a change has unexpected results

Archives all GPO settings into a reliable, scalable data store

Leverages and complements native Microsofttechnology, including Group Policy Management Console

(GPMC), to strengthen infrastructure investments

Dell GPOADmin architectureDell GPOADmin is a directory-enabled application and all of its application information is stored in the

configuration container of either Active Directoryor Active DirectoryApplication Mode (ADAM/AD LDS) in


6/25

Dell GPOADmin 5.8

Quick Start Guide6

Windows2003 environments; in Windows2008 environments, the application information is stored in Active

DirectoryDomain Services (ADDS) or Active DirectoryLightweight Directory Services (AD/LDS).

For all Active Directorydeployments, the application information along with the GPOADmin Version Control

System is stored in the configuration container of Active Directoryin the following location:

CN=QGPM,CN=Quest,CN=Services,CN=Configuration,DC=Domain,DC=com

Where if you drilled down on the GPOADmin container you will find the following directories:

- CN=QGPM

- CN=Wentworth

+ CN=Roles (Custom Roles location)

+ CN=Users (Where users' preferences are stored)

+ CN=VCRoot (The root of the version control container hierarchy)

+ CN=Version Control (Pointers to backups' locations (perhaps also backups themselves if 'Directory' is

selected as the backup storage location) and controlled object history)

+ CN=Scheduled Actions

+ CN=Templates

Since this information is stored in the configuration container of Active Directory, it is replicated to all other

DCs within your forest. However, the Master Version Control is unique and the authoritative source for all

version control actions. The Master Version Control role is normally held by the DC specified during the initial

run of the Server Configuration wizard shortly after the GPOADmin server and service have been installed.

For all ADAM/AD LDS deployments, the application information, along with the GPOADmin Version Control

system, follows the same format as the Active Directorydeployment with the exception that the application

information and Version Control system is stored in the configuration of the ADAM/AD LDS instance. The


7/25

Dell GPOADmin 5.8

Quick Start Guide7

information is not replicated to other ADAM/AD LDS servers (unless manually set up) like Active Directory

replicates information with the configuration container.

Figure 1. GPOADmin Architecture

The client/server architecture facilitates granular security and delegation. GPOADmin runs under the securitycontext of a privileged service account that must have full access to GPOs in the managed forest.

Clients can connect to any deployed server within any Active Directoryforest. GPOADmin maintains a most

recently used (MRU) list of servers to which the users have previously connected to facilitate quick subsequent

server connections.

GPOADmin service

The GPOADmin service can be hosted on a shared application server. Its purpose is to communicate with the

Version Control system and implement change requests initiated by the authorized users of the GPOADmin

application. These requests would normally include:

Check out of an object for editing

Check in of an object after editing and request for approval

Approval of the changes

Implementation of the updated object into the production Active Directory

Backup repository (storage method)

You have the option of choosing one of the following for the location of the physical backup copy of the object

versions:


8/25

Dell GPOADmin 5.8

Quick Start Guide8

Active Directory(although not recommended for production deployments due to the volume ofreplication data)

Active DirectoryApplication Mode (ADAM) for WindowsServer 2003

Active DirectoryLightweight Directory Services (AD LDS) for WindowsServer 2008

Microsoft

SQL Server 2008, 2008 R2 or 2012

A network share

GPOADmin client

The GPOADmin client application is a MMC Snap-in that can be installed on the workstations of all

administrators responsible for the management of GPOs. Through the client, administrators and users will

connect to the appropriate GPOADmin server to perform the tasks described under GPOADmin service.

GPO management extension in GPMC

The Extended Group Policy Management Console allows users to work within a familiar interface that

incorporates all the benefits of GPOADmin, rather than having them learn a new client interface. When the

Group Policy Management Console is opened, the user will see an extra GPO Management tab that will allow

them to perform GPOADmin actions on Group Policy Objects from within the Group Policy Management Console.

GPOADmin watcher service

The watcher service protects an organization from unauthorized changes by automatically detecting changes to

GPOs made outside of the Version Control system. An optional component of GPOADmin, the watcher service

will automatically version a registered GPO outside of the GPOADmin console and display it as noncompliant

(indicated by an icon change). If the change is valid, an administrator can either incorporate the change into

the version control system or roll back the change to the previous deployed version of the GPO.

The GPOADmin watcher service must be run using credentials with sufficient network permissions.

For example, if you have a GPO checked out and it is flagged as noncompliant by the Watcher Service, this

indicates that the GPO settings in the live environment have changed since you checked out and started working

on that GPO.

NOTE: For the majority of deployments, network share is the recommended approach as it provides a high

performance backup store with a minimum of configuration and maintenance overhead.

NOTE: When you install the GPMC Extension, the installation architecture must match the architecture of

the GPMC. For example, if you choose to install the GPMC extension on a 64-bit Windows2003 Operating

System that is running a 32-bit GPMC, the GPOADmin x86 installer must be used.

A stand-alone GPMC Extension Installer is available in this release of GPOADmin.

NOTE: When you install the watcher service, the installation architecture must match the installation

architecture of the GPOADmin Version Control system. For example, if you use the 32-bit installer for theVersion Control system, you must use the 32-bit installer for the watcher service.

NOTE: The watcher service requires the Replicating directory changes permission on the Default Naming

Context and the Configuration Context for an object and all its descendents.

TIP: It is recommended that only one GPOADmin watcher service is installed per forest. If multiplewatcher services are used, the timing of changes made to GPOs could get out of synch.

TIP: It is recommended that you do not install the Watcher Service on a domain controller.


9/25

Dell GPOADmin 5.8

Quick Start Guide9

Once you have selected GPOs for check-in, the Noncompliant Objects Detected dialog box shows you a list of

the non-compliant objects, alerting you of any GPOs that have been modified outside of the version control

system of GPOADmin, and providing you with the following options:

Cancel pending check in for all object(s).

Cancel pending check in for noncompliant object(s) and proceed with check in for compliant object(s).

Accept unauthorized modifications and discard local changes. (Checks in the unauthorized and discardsthe local changes made within GPOADmin.)

Accept local changes and discard unauthorized modifications. (Checks in only the local changes made

within GPOADmin.)

Configuring the Watcher Service polling interval

The default polling interval is 10000 milliseconds (10 seconds). If desired, you can alter this to meet your needs.

To adj ust t he Wat cher Service pol l i ng interval

1 Create a DWORD value named Interval under the following registry key:

HKLM\SOFTWARE\Quest Software\Quest Group Policy Manager\WatcherConfig

2 Select Decimalas the Base when editing the value.

3 Enter the desired value under Value data. Note: The value is in milliseconds where there is 1000

milliseconds to a second.

Port requirements

The following ports must be open for the application to function correctly:

Name resolution can be achieved using DNS on port 53 or WINS (downlevel) on port 137.

Between the client and the GPOADmin Server:

Inbound: Port 40200 (default)

Outbound: all TCP ports

From the GPOADmin Server:

Configuration storage

LDAP Service - TCP/UDP - 389 -or- ADAM/AD LDS port (defaults to 389 or 50000)

GPO Archives

If you are using a network share for GPO backup storage, you may require open ports on 135, 136, 138,139, and/or 445.

NOTE: If the GPOs were in an Available state (not Checked out) and flagged as noncompliant, you would

not get this dialog box; you would see the regular compliance actions Incorporate Live or Rollback.

CAUTION: It is recommended to conduct a thorough threat analysis before opening these services toan untrusted network.

NOTE: To run the Version Control server on a custom port, you must set the following registry value:

Key: HKLM/Software/Quest Software/Quest Group Policy Manager/Remoting

Value Name: Port

Value Type: DWordValid Values: 1-65536

If this value is not set, the default (port 40200) will be used.


10/25

Dell GPOADmin 5.8

Quick Start Guide10

If you are using SQL Server for GPO backup storage, the appropriate ports will need to be open. SQLServers default port is 1433 or 1533 if the "hide server" option is enabled.

If you are using Named Pipes with SQL, arbitrary ports may be required. SQL Named Pipes is not arecommended configuration through firewalls.

If you are using ADAM/AD LDS for GPO backup storage or configuration data, ADAM/AD LDS will default toport 389 if not coexisting with AD. If AD is already installed, ADAM/AD LDS will default to port 50000.

Minimum permissions required for the service

accounts

To set up minimum per missions for t he servi ce account s

1 Create a service account and add it as a member of the Local Administrators group where the GPOADmin

service is installed.

2 Grant this account Log on as a Serviceon the computer where GPOADmin is installed.

3 Using ADSIEdit.msc, locate the Services container located below the Configuration Naming Context ofthe directory service used as your Configuration Store (Active Directoryor ADAM / AD LDS), and ensure

that it contains a Quest container. If necessary, create one.

4 Grant the service account access to the "Quest" container you created in step 3. Click the Objecttab and

apply the permissions to This object and all child objects (in WindowsServer 2003) or to This object

and all descendant objects(in WindowsServer 2008). Delegate the following permissions in theAdvanced Security Settings: List Contents, Read all Properties, Write all Properties, Delete Subtree,Read Permissions, Modify Permissions, All Validated Writes, Create All Child Objects, and Delete All

Child Objects.

5 Grant the service account Read and Write access to its host's computer or DC object in Active Directory

so that the service can update Service Connection Points.

6 Apply the following permissions to ensure the service account can create and edit WMI Filters:

Using ADSIEDIT.msc, expand the Default Naming Context partition, open

CN=SOM,CN=WMIPolicy,CN=System,DC=domain,DC=com and delegate the same permissions as in step 4.

Using GPMC, select the WMI Filterscontainer and on the Delegationtab, assign Creator Ownerrights tothe service account.

Next, grant the service account Full Controlon each WMI Filter that will be managed by GPOADmin.

7 Using GPMC, delegate Link GPOsto the service account on the Site and Domain level (or even on the OUlevel depending on where GPOADmin is required to manage GPOs), for This container and all child

containers, if child containers are needed.

8 For the service account to run RSoP reports, the Read Group Policy Results data right must be granted.Using GPMC, delegate Read Group Policy Results Datato the service account on the Domain level (oreven on the OU level, depending on where GPOADmin is required to perform the RSoP analysis), for Thiscontainer and all child containers, if child containers are needed.

For each computer that will be targeted during the RSoP analysis, add the service account to that

computers local Administrators group.

9 Using GPMC, delegate Create GPOsto the service account on the Group Policy Objects Level.

10 Using GPMC, delegate Edit settings,Delete, andModify securityto the service account for each existingGPO that will be managed by GPOADmin using GPMC.

11 For each GPO managed by GPOADmin, verify that the service account has ownership of the GPO on the

Ownertab of the Advanced Security Settings dialog box.

NOTE: ADSIEDit.msc is available from the WindowsSupport Tools.


11/25

Dell GPOADmin 5.8

Quick Start Guide11

12 Repeat steps 5 to 9 for every domain that will require GPOADmin to manage its GPOs.

13 Install GPOADmin using the service account.

For more information about the installation, see Installing Dell GPOADminon page 13.

14 Connect to GPOADmin as an Enterprise Admin or the service account.

Only these accounts are granted access to change the configuration during the install of GPOADmin.

15 Step through the Server Configuration Wizard.

You can add GPOADmin trustees to connect to the system or change server properties.

For more information about the configuration, see Configuring the GPOADmin Serveron page 15.

16 Delegate roles over GPO containers.

17 Connect to GPOADmin as any account granted rights to connect during the Server configuration setup.

SQL storage methodUsing SQL as the backup repository (storage method), the service account will need the following minimum

requirements:

Database Creators rights in order to create the GPOADmin_Backups Database during the ServerConfiguration Wizard setup.

ADAM/AD LDS storage method

Using ADAM/AD LDS as the backup repository (storage method) the service account will need the following

minimum requirements:

Member of the Administrator Role in the ADAM/AD LDS instance.

If using the command line tool or the GUI (ldp.exe), the service account will require the same

permissions in ADAM/AD LDS that it would require in Active Directory.

For more information, see Setting Permissions on ADAM/AD LDSon page 16.

Network share storage method

Using Network Share as the backup repository (storage method) the service account will need the following

minimum requirements:

At the Share level, Change & Read permissions.

NOTE: The Watcher Service requires that the service account created in step 1 has the Replicating

directory changes permission on the Default Naming Context (DC=domain, DC=com) and the

Configuration Context (CN=Configuration, DC=domain, DC=com) for this object and all descendents.

NOTE: Database Creators right is only required for the initial creation of the GPOADmin_Backupsdatabase. If the database has been pre-created (see Configuring the GPOADmin Serveron page 15) by your

DB Administrators team then only the following database roles and permissions are required by the

GPOADmin service account to access and update the Database:

db_datareader, db_datawriter: Permissions to Execute the following GPOADmin stored procedures:

quest_qgpm_add_group_to_role

quest_qgpm_domainid_pr

quest_qgpm_gpoid_pr

quest_qgpm_insbackup_p


12/25

Dell GPOADmin 5.8

Quick Start Guide12

At the Directory level, all permissions except Change Permissions" and "Take Ownership.

System requirements

Before installing GPOADmin 5.8, ensure that your system meets the following hardware and softwarerequirements.

GPOADmin requirements

.NET Framework 4.0

GPMC Extension compatible for the system where you are installing GPOADmin.

MicrosoftGroup Policy Management Console with Service Pack 1 or Remote Server Administration Tools

Configuration store requirements

Active Directoryor ADAM/AD LDS

Backup store requirements

Network Share (recommended)

Active Directory(not recommended)

ADAM/AD LDS

SQL Server

Table 1. Hardware requirements

Requirement Details

Processor 2Ghz CPU

Memory 4Gb RAM

Hard disk space 1 Gb (prefer 50Gb if backups and reports stored on the same drive) hard disk space

Operating systems Windows Vista

Windows7

Windows8

Window8.1

WindowsServer 2003

Windows Server 2003 R2

WindowsServer 2008

WindowsServer 2008 R2

WindowsServer 2012

Windows

Server 2012 R2


13/25

Dell GPOADmin 5.8

Quick Start Guide13

Watcher service

Same system requirements as GPOADmin.

Getting started with Dell GPOADmin

Downloading Dell GPOADmin

To downloa d Dell GPOADmin

1 Go to the Dell web site at http://www.quest.com/gpoadmin

2 Follow the instructions provided for product downloads.

Licensing Dell GPOADminBefore you can connect to the Version Control system, you must license Dell GPOADmin. Ensure that you have

the activation key before you begin an installation or upgrade. Copy the license file to the desktop of the

computer where Dell GPOADmin is installed, or to another convenient location. You will be prompted for this

license key the first time you run the Server Configuration wizard, or the first time you attempt to connect to

the Version Control Server. For information on licensing the product at a later date, see Updating your license

on page 15.

The following types of licenses are available for Dell GPOADmin:

Ongoing license: This grants you full use of Dell GPOADmin.

Term license: This grants you full use of Dell GPOADmin from a specified start date to a specific end

date.

Demo license: This grants you full use of Dell GPOADmin for a specified period of time.

Installing Dell GPOADmin

Prerequis i t es for t he Quick St ar t Inst a l l

The quick start install will place all of the roles of GPOADmin on one computer. Ensure that the computer meets

the system requirements mentioned above. To prepare for the install, you must perform the following steps:

1 Create a service account for GPOADmin in the root of the domain.

2 Add the service account to the local administrators group on the console computer.

3 Log in to the console as the service account.

4 Ensure that .NET Framework 4.0 and any associated fixes are installed.

5 Ensure that ADAM (Windows2003) or AD LDS (Windows2008) are installed.

6 Ensure that MicrosoftGroup Policy Management Console with Service Pack 1 or Remote Server

Administration Tools are installed.

7 Create a folder for the backup storage destination and share it on the network.

Ensure that the service account has full access to both the share and NTFS permissions.

NOTE: The service account created for GPOADmin should be the account used for ADAM or AD LDS.
http://www.quest.com/gpoadminhttp://www.quest.com/gpoadmin


14/25

Dell GPOADmin 5.8

Quick Start Guide14

To inst al l Dell GPOADmin

1 Dell GPOADmin can be installed on x86 or x64 systems. Installers for each type of system can be found in

the install folder.

2 Run the autorun.exe,select Install.

3 Select either Dell GPOADmin x86or Dell GPOADmin x64, and click Install.

4 In the Welcome screen, click Next.

5 Read the licensing information, select I accept the terms in the License Agreement check box, and

click Next.

6 In the Choose Setup Type dialog box, select the Complete installation.

The Mobile IT Plugin is included in a complete installation if a Mobile IT agent is detected during the

process.

Mobile IT provides administrative access and alerts on mobile platforms. For more information, see

http://quest.com/mobile-it/.

To use this option, Mobile IT agent's service account must also have access to Version Control. For

details, see Selecting Security, Levels of Approval, and Notification Options in the GPOADMin User Guide.

7 In the Destination Folder dialog box, accept the default location or enter a new location to install

GPOADmin and click Next.

8 In the Service Credentials dialog box, enter the service account name and password that you created

earlier for use by the GPOADmin Service and click Next.

9 Click Install.

10 After the software has been installed and the Completed dialog box is displayed, click Finish.

Upgrading GPOADmin

To upgr ade GPOADmi n

1 Run the autorun.exe,select Install.

2 Select either Dell GPOADmin x86or Dell GPOADmin x64, and click Install. Complete the InstallationWizard.

NOTE: When you install the GPMC Extension, the installation architecture must match the architecture of

the GPMC. For example, if you choose to install the GPMC extension on a 64-bit Windows2003 Operating

System that is running a 32-bit GPMC, the GPOADmin x86 installer must be used.

NOTE: When you upgrade a GPOADmin service, you need to upgrade any GPOADmin client, watcherservice, or GPMC extension that reference that service.

NOTE: If multiple GPOADmin services share the same configuration store or backup store, they must all beupgraded to the same version.

NOTE: The logging and SMTP settings will be lost during an upgrade and need to be re-entered. Please see

the Release Notes for more information on these issues.

NOTE: If you have multiple servers to upgrade, the process must be done manually on each of the host

computers.

NOTE: If multiple GPOADmin services share the same configuration store or backup store, it is

recommended that all of the services, including the watcher, be stopped before upgrading.

NOTE: During an upgrade, the previous version will be uninstalled and the new version installed. Settingsare retained except for the ones noted above.
http://quest.com/mobile-ithttp://quest.com/mobile-it


15/25

Dell GPOADmin 5.8

Quick Start Guide15

Configuring the GPOADmin Server

The Version Control server must be configured before users can connect to the Version Control system.

To confi gure t he GPOADmin Serv er

1 Run AllPrograms | Dell Software | Dell GPOADmin from the WindowsStart Menu.

2 In the Dell GPOADmin Console, right-click the Dell GPOADminnode and select Connect To.

3 In the Connect to Server dialog box, leave as localhost and click Connect.

4 Enter a User name and Password. To save the credentials, select the Remember my passwordcheck box

and click OK.

5 In the Select a Configuration Store dialog box, select Active Directoryor ADAM/AD LDSfor your

configuration storage location. If you select Active Directory, select the domain controller (DC) to be

the Version Control server, and click Next.

If you select ADAM/AD LDS, enter the NetBIOS name of the computer you are installing to followed bythe port number, in the format: ser ver _ name: por t , and click Next.

For example, gpoadmin_svr:389.

6 In the Select Storage Options dialog box, the Network Share is pre-selected (this is the best practise for

backup storage). Select the backup storage destination that was created in the prerequisites procedure

(Prerequisites for the Quick Start Install on page 13) and click Next.

7 In the Configure Server Access dialog box, add the accounts that will be Administrators and Users.

To add an Administrator, select the icon with the Plus sign (the icon with the arrowhead will expand or

collapse the list). After the account is selected, it will appear in the Administrators list. The account can

be removed by selecting the red X icon.

By default the Enterprise Admins and the Service Account are added to the trustees permitted to

connect to the system and change server properties. We recommend that you create a Global Group for

GPOADmin Admins ( -GPOADmin Admins), add it, and click Next.

8 In the Configure Server Access dialog box, after you have added all the accounts, click Finishto committhe changes.

Updating your licenseIf you want to upgrade your license (for example from a demo license) or you want to change your license for

any reason, you can access the license information through the server properties.

To updat e t he Dell GPOADmin l icense t hrough t he Server Prop ert ies

1 Select the Dell GPOADminnode, right-click and select Connect To,and connect to the console.

2 Select the forest node, right-click and select Properties.

3 Click the Licensetab to view the current license information.

4 Select the Update License option, browse to the new license location, and click OK.

NOTE: To run the Server Configuration Wizard, you must logon with an account that is a member of theEnterprise Administrators group or the GPOADmin Service Account.

TIP: The recommended best practice is to use ADAM/AD LDS.

NOTE: To create the GPOADmin_Backups database during the Server Configuration Wizard setup, the

Service account must have Database Creator role for the specific SQL Server.

NOTE: If your license expires, you will be prompted to update it the next time you attempt to connect tothe service.


16/25

Dell GPOADmin 5.8

Quick Start Guide16

5 When you have made all the required selections, click OK.

Setting Permissions on ADAM/AD LDS

To use GPOADmin with an ADAM/AD LDS deployment, users must be assigned the Administrator role.

To set p ermi ssio ns on ADAM/AD LDS

1 Open ADAM/AD LDS ADSI-Edit (ADSI-Edit is installed as part of the ADAM/AD LDS tools).

2 In the Select a well known Naming Context, select Configuration, then enter the console and portnumber in the Computer box, and click OK.

For example, GPOconsole:389.

3 Double-click Configurationto expand the configuration and browse to and select the Rolescontainer.

4 To grant the users rights, right-click the Administratorsrole, and select Properties.

5 Browse to the member attribute and click Edit.

6 Add the service account and other accounts that will be administering GPOADmin to the selected role.

Editing the Version Control server properties

Users that are logged on with an account that is a member of the GPOADmin administrators group can edit the

properties of the Version Control server when required. These properties include the directory server, where

the GPO backups are stored, roles used to define security within the system, SMTP settings and the access to

edit these settings, logging, mandatory comments, and license options.

To edi t t he Version Contr o l server conf i gurat ion

1 Right-click the forest and select Properties and select the required server options.

2 Select the Accesstab to add and remove users who can connect to and alter the server options. Fromhere you can also add and remove users who can simply connect to the Version Control server.

3 Select the Storagetab to change the required storage options (Active Directory, ADAM, Network Share,or SQL Server).

4 Select the Rolestab to create and edit roles that will be used to delegate rights over the Version Controlsystem. The built in roles are displayed. You can easily see the permissions contained within each by

selecting the role and clicking the View Role button. You cannot alter predefined roles. For complete

information on creating and delegating roles refer to the GPOADmin User Guide.

5 Select theSMTPtab to change the global SMTP notification options.

6 Click the Loggingtab and select the log location and the type of information you want to track.

7 You can choose to log to the Event Log, to a specific directory where log files will be created, or not at

all.

8 You can also select which (if any) types of events to log. The types of events are as follows: Service

Actions (such as service startup and shutdown), User Actions (such as check in, approve, edit), Errors,

and Debug Information (used by Dell support personnel).

NOTE: If your license expires, you will be prompted for the ASC file when you try to connect to theVersion Control System.

NOTE: If required, you can use the ADAM/AD LDS support tool dsacls to fine-tune the rights given by these

roles or to grant specific rights to users.

NOTE: You can alter the email address for your notification email through your personal settings, orthrough the Notification Manager. For more information see the GPOADmin User Guide.


17/25

Dell GPOADmin 5.8

Quick Start Guide17

9 If you want to make comments on actions mandatory, click the Optionstab, select the Commentscheckbox, and set a minimum comment length greater than 0. Leaving the value at 0 means comments are

optional for all actions. Any value greater than zero makes comments mandatory for all actions and all

users.

10 In the Options tab there is also a check box that allows you to disable all workflow options for Group

Policy Objects. With this setting invoked, users are restricted from creating and registering workflow

enabled Group Policy Objects, as well as being restricted from enabling workflow for workflow disabledGroup Policy Objects.

11 Click the Licensetab to view the current license information. Select the Update Licenseoption, browseto the new license location and click OK.

12 When you have made all the required selections, click OK.

Step-by-step walkthroughThis step-by-step walkthrough takes you through a Dell GPOADmin scenario that includes the following:

Connect to the Version Control system

Register an object

Check out and edit an object

Check in the object and request approval

Connect to the Version Control system

Because the application has been fully configured by the administrator, users connect to the Version Control

system in the following manner:

To connect t o t he Version Cont rol syst em

1 Right-click the Dell GPOADminnode and select Connect To.

2 Click New to create a new connection and enter the server name.

3 Select the Version Control server that you want to connect to and click Connect.

4 Enter a User name and Password. To save the credentials, select the Remember my passwordcheck boxand click OK.

For more information about saving connections, see Persisting Connections in the GPOADmin User Guide.

Register a GPO

Initially all GPOs are unregistered. To add GPOs to the Version Control system, they must be registered.

NOTE: Dell GPOADmin provides roles that enable users to perform actions within the Version Controlsystem. The following scenario is created on the assumption that the administrator has already delegated

the User and Moderator roles to the required users.

To view the roles applied to a specific container, right-click it, select Properties, and click the Security

tab.

For complete information on how to create and delegate roles, see Configuring Role-based Delegation

in the Dell GPOADmin User Guide or Online Help.

NOTE: When GPOs are registered they maintain their GPO status (User and Computer settings enabled ordisabled), links, security, and WMI filters.


18/25

Dell GPOADmin 5.8

Quick Start Guide18

To regist er a GPO

1 Expand Dell GPOADmin, the forest, Live Environment, and the Domain Controller. Select the GroupPolicy Objects, right-click a GPO in the right-hand pane, and select Register.

2 Select the container where you want to place the registered object and click OK.

Once objects have been registered, they are located in the selected container under the Version Control

Root with their initial version number set to 1.0. They are now available to be checked out and edited.

If you are migrating from an existing Version Control system, you can set the major version number to

any number greater than 1.0 in the Initial major version list.

Check out and edit GPOs

Before users can edit registered GPOs, the GPOs must be checked out.

The workflow is as follows:

Check out the GPO from the system,

make the required edits, and

check in the changes to the system.

Version information is updated in the systems history when the GPO is checked back in. Only one person within

the system can check out and work on any GPO at a given time.

Checking out a GPO for the first time creates a copy of the original GPO. The copy is an exact duplicate of theoriginal GPO until it passes through the approval process.

To check out a GPO

1 Expand the Version Control Rootand select the available GPO.

2 Right-click a GPO and select Check Out.

3 Enter a comment and click OK.

Once you have a GPO checked out, you can edit the settings from the Group Policy Management Editor as

well as edit the Security and WMI Filter settings. When you check out a GPO, the changes are made to a

copy of the live GPO. Those changes do not affect the GPO settings on the network until the changes are

checked in and deployed.

To edit a GPO

1 Right-click a checked out GPO and select Edit.

2 Click Launch Editorand make the required changes.

3 If required, select the Securitytab and click Add or Remove to modify the current security filter. Enteror search for the required user, computer, or group, and click OK.

4 Click theAdvancedbutton to select advanced permissions.

5 To add or remove a WMI filter, select the WMI Filtertab and choose a filter from the list of available WMIfilters. ClickOK.

You now have the option to check in the GPO to be stored for later use or check in and request approval

of the changes.

TIP: The information in this section applies to workflow-enabled GPOs only. For more information onworkflow enabling/disabling, see the Dell GPOADmin User Guide or Online Help.

NOTE: The changes are only applied to the live environment after they are approved and deployed.

NOTE: If you have all required rights, you can approve a GPO from the checked out state and thenecessary workflow steps happen automatically.


19/25

Dell GPOADmin 5.8

Quick Start Guide19

To check in and request app rov al

1 Expand the Version Control Rootnode and select the checked out GPO.

2 Right-click and select Check In.

3 Enter a comment and click OK.

4 Right-click the GPO and select Request Approval.5 Enter a comment and click OK.

The GPO status will be Pending Approval until the changes are approved or rejected by a user with the

appropriate permissions. When the GPO has been approved it is ready to be deployed into the live

environment.

Best practicesThe following best practices exist within Dell GPOADmin:

Deploying Cloaked GPOs

Before you deploy a GPO, ensure that it is not cloaked. If you deploy a cloaked GPO, and then later

deploy it uncloaked, it will be flagged as non-compliant.

Forest Configuration

It is recommended that users who are members of the Enterprise Administrators group configure the

forest for version control.

Client Installation

Users should be a local administrator on the computer where the client is installed.

Remote Forest Management

Although remote forest version control management options are available, it is recommended to manage

a forest logged in as a user from the same forest to eliminate any additional trust and security-related

considerations.

Storage Repository Placement

If using ADAM/AD LDS or SQL as storage options it is recommended that they are located in the same

forest that is being managed to eliminate any additional trust and security-related considerations. It is

recommended that ADAM/AD LDS is used as the configuration store, and a network share as the backup

store.

Register/Unregister Actions

It is recommended that users who are members of the Enterprise Administrators group perform the

register and unregister actions on GPOs within the Version Control system.

Naming Conventions

When creating GPOs within the Version Control system, it is possible to enter names that have alreadybeen used. However, it is highly recommended to use unique names.

Action Comments

Use descriptive comments to help others easily identify the reasons for performing actions within the

Version Control system.

Deploying Changes

Ensure each object has the desired settings before approving and deploying any pending modification

actions. Once the modification has been approved and deployed, the changes will be applied to the live

object.

GPO Settings - Versions


20/25

Dell GPOADmin 5.8

Quick Start Guide20

When running in a mixed mode environment, newer GPO settings are not backwards compatible with

older versions of GPMC. For example:

Preferences introduced in WindowsServer 2008 are not backwards compatible.

If you backup a GPO on WindowsServer 2008 and then attempt to import that backup into a GPO on

WindowsServer 2003, GPMC will indicate that there is a version mismatch and not allow the import.

Resultant Set of Policies Reports

When running the Group Policy Results or Group Policy Results Difference reports against Windows

Server 2008 R2 or Windows7, the Dell GPOADmin Service should be running on an operating system that

has the ability to read all policy settings.

Watcher Service

It is recommended that only one GPOADmin Watcher Service be installed per configuration store.

It is recommended that you not install the Watcher Service on a domain controller.


21/25

Dell GPOADmin 5.8

Quick Start Guide21

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they

trust and value. For more information, visit www.software.dell.com.

Contacting DellTechnical support:Online support

Product questions and sales:(800) 306-9329

Email:

[email protected]

Technical support resourcesTechnical support is available to customers who have purchased Dell software with a valid maintenance

contract and to customers who have trial versions. To access the Support Portal, go to

https://support.software.dell.com/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a

day, 365 days a year. In addition, the portal provides direct access to product support engineers through anonline Service Request system.

The site enables you to:

Create, update, and manage Service Requests (cases)

View Knowledge Base articles

Obtain product notifications

Download software. For trial software, go to Trial Downloads.

View how-to videos

Engage in community discussions

Chat with a support engineer

Third-party contributionsThis product contains the third-party components listed below. For third-party license information, go to

http://software.dell.com/legal/license-agreements.aspx. Source code for components marked with an asterisk

(*) is available at http://opensource.dell.com.
http://software.dell.com/https://support.software.dell.com/mailto:[email protected]://support.software.dell.com/http://software.dell.com/trials/http://software.dell.com/legal/license-agreements.aspxhttp://opensource.dell.com/http://software.dell.com/http://opensource.dell.com/http://software.dell.com/legal/license-agreements.aspxhttp://software.dell.com/trials/https://support.software.dell.com/mailto:[email protected]://support.software.dell.com/


22/25

Dell GPOADmin 5.8

Quick Start Guide22

Table 2. List of third-party contributions

Component License or acknowledgement

Apache License

Version 2.0, January

2004

http://www.apache.or

g/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction, and distributionas defined by Sections 1 through 9 of this document. "Licensor" shall mean the

copyright owner or entity authorized by the copyright owner that is granting the

License.

"Legal Entity" shall mean the union of the acting entity and all other entities that

control, are controlled by, or are under common control with that entity. For the

purposes of this definition, "control" means (i) the power, direct or indirect, to cause

the direction or management of such entity, whether by contract or otherwise, or (ii)

ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial

ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions

granted by this License.

"Source" form shall mean the preferred form for making modifications, including but

not limited to software source code, documentation source, and configuration files."Object" form shall mean any form resulting from mechanical transformation or

translation of a Source form, including but not limited to compiled object code,

generated documentation, and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or Object form, made

available under the License, as indicated by a copyright notice that is included in or

attached to the work (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object form, that is

based on (or derived from) the Work and for which the editorial revisions,

annotations, elaborations, or other modifications represent, as a whole, an original

work of authorship. For the purposes of this License, Derivative Works shall not

include works that remain separable from, or merely link (or bind by name) to the

interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the

Work and any modifications or additions to that Work or Derivative Works thereof,

that is intentionally submitted to Licensor for inclusion in the Work by the copyright

owner or by an individual or Legal Entity authorized to submit on behalf of the

copyright owner. For the purposes of this definition, "submitted" means any form of

electronic, verbal, or written communication sent to the Licensor or its

representatives, including but not limited to communication on electronic mailing

lists, source code control systems, and issue tracking systems that are managed by, or

on behalf of, the Licensor for the purpose of discussing and improving the Work, but

excluding communication that is conspicuously marked or otherwise designated in

writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of

whom a Contribution has been received by Licensor and subsequently incorporated

within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of this License,

each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-

charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative

Works of, publicly display, publicly perform, sublicense, and distribute the Work and

such Derivative Works in Source or Object form.


23/25

Dell GPOADmin 5.8

Quick Start Guide23

Apache License

(continued)

3. Grant of Patent License. Subject to the terms and conditions of this License, each

Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,

royalty-free, irrevocable (except as stated in this section) patent license to make,

have made, use, offer to sell, sell, import, and otherwise transfer the Work, where

such license applies only to those patent claims licensable by such Contributor that

are necessarily infringed by their Contribution(s) alone or by combination of their

Contribution(s) with the Work to which such Contribution(s) was submitted. If You

institute patent litigation against any entity (including a cross-claim or counterclaim

in a lawsuit) alleging that the Work or a Contribution incorporated within the Work

constitutes direct or contributory patent infringement, then any patent licenses

granted to You under this License for that Work shall terminate as of the date such

litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the Work or Derivative

Works thereof in any medium, with or without modifications, and in Source or Object

form, provided that You meet the following conditions:

(a) You must give any other recipients of the Work or Derivative Works a copy of this

License; and

(b) You must cause any modified files to carry prominent notices stating that You

changed the files; and

(c) You must retain, in the Source form of any Derivative Works that You distribute, all

copyright, patent, trademark, and attribution notices from the Source form of the

Work, excluding those notices that do not pertain to any part of the Derivative Works;

and

(d) If the Work includes a "NOTICE" text file as part of its distribution, then any

Derivative Works that You distribute must include a readable copy of the attribution

notices contained within such NOTICE file, excluding those notices that do not pertain

to any part of the Derivative Works, in at least one of the following places: within a

NOTICE text file distributed as part of the Derivative Works; within the Source form or

documentation, if provided along with the Derivative Works; or, within a display

generated by the Derivative Works, if and wherever such third-party notices normallyappear. The contents of the NOTICE file are for informational purposes only and do

not modify the License. You may add Your own attribution notices within Derivative

Works that You distribute, alongside or as an addendum to the NOTICE text from the

Work, provided that such additional attribution notices cannot be construed as

modifying the License.

You may add Your own copyright statement to Your modifications and may provide

additional or different license terms and conditions for use, reproduction, or

distribution of Your modifications, or for any such Derivative Works as a whole,

provided Your use, reproduction, and distribution of the Work otherwise complies

with the conditions stated in this License.




24/25

Dell GPOADmin 5.8

Quick Start Guide24

Apache License

(continued)

5. Submission of Contributions. Unless You explicitly state otherwise, any

Contribution intentionally submitted for inclusion in the Work by You to the Licensor

shall be under the terms and conditions of this License, without any additional terms

or conditions. Notwithstanding the above, nothing herein shall supersede or modify

the terms of any separate license agreement you may have executed with Licensor

regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade names,

trademarks, service marks, or product names of the Licensor, except as required for

reasonable and customary use in describing the origin of the Work and reproducing

the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,

Licensor provides the Work (and each Contributor provides its Contributions) on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or

implied, including, without limitation, any warranties or conditions of TITLE, NON-

INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are

solely responsible for determining the appropriateness of using or redistributing the

Work and assume any risks associated with Your exercise of permissions under this

License.

8. Limitation of Liability. In no event and under no legal theory, whether in tort

(including negligence), contract, or otherwise, unless required by applicable law

(such as deliberate and grossly negligent acts) or agreed to in writing, shall any

Contributor be liable to You for damages, including any direct, indirect, special,

incidental, or consequential damages of any character arising as a result of this

License or out of the use or inability to use the Work (including but not limited to

damages for loss of goodwill, work stoppage, computer failure or malfunction, or any

and all other commercial damages or losses), even if such Contributor has been

advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing the Work or

Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance

of support, warranty, indemnity, or other liability obligations and/or rights consistent

with this License. However, in accepting such obligations, You may act only on Your

own behalf and on Your sole responsibility, not on behalf of any other Contributor, and

only if You agree to indemnify, defend, and hold each Contributor harmless for any

liability incurred by, or claims asserted against, such Contributor by reason of your

accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

NOTICE file corresponding to the section 4 (d) of the Apache License,

** Version 2.0, in this case for the Apache log4net distribution.

**

This product includes software developed by The Apache Software Foundation (http://www.apache.org/).

Please read the LICENSE files present in the root directory of this

distribution.

The names "log4net" and "Apache Software Foundation" must not be used to

endorse or promote products derived from this software without prior

written permission. For written permission, please contact

[email protected].




25/25

Dell GPOADmin 5.8

Quick Start Guide25

SharpZipLib 0.85.1.271 SharpZipLib License

License

The library is released under the GPL with the following exception:

Linking this library statically or dynamically with other modules is making a combinedwork based on this library. Thus, the terms and conditions of the GNU General Public

License cover the whole combination.

As a special exception, the copyright holders of this library give you permission to link

this library with independent modules to produce an executable, regardless of the

license terms of these independent modules, and to copy and distribute the resulting

executable under terms of your choice, provided that you also meet, for each linked

independent module, the terms and conditions of the license of that module. An

independent module is a module which is not derived from or based on this library. If

you modify this library, you may extend this exception to your version of the library,

but you are not obligated to do so. If you do not wish to do so, delete this exception

statement from your version.

Note The exception is changed to reflect the latest GNU Classpath exception. Older

versions of #ziplib did have another exception, but the new one is clearer and itdoesn't break compatibility with the old one.

Bottom line In plain English this means you can use this library in commercial closed-

source applications.

Windows Installer XML

toolset (aka WIX)

3.8.1128.0

Microsoft Reciprocal License (MS-RL)



gpoadmin quick start guide 58

Documents