Friday Mail Sack: Best Post This Year Edition

Hi folks, Ned here and welcoming you to 2012 with a new Friday Mail Sack. Catching up from our holiday hiatus, today we talk about: Disabling Administrative Shares Making Get-ADDomainController useful’er Kerberos group bloat USMT moving profiles back from other disks The DFSR service and backups AGPM and “out of band” built-in policy changes USMT… Read more

Friday Mail Sack: Guest Reply Edition

Hi folks, Ned here again. This week we talk: CA migration from 1 to 2 tier ADAM/ADLDS P2V ABC 123 Managing AGPM security filters Multiple IIS App pools and Kerberos AGPM multi-domain comparison ADUC domain password weirdness DFSR deletion conflict handling Stale account deletion ad nauseum AD PowerShell, Get-Acl, and the missing objects that aren’t… Read more

Forcing Domain Admins to use AGPM (but not really)

Hi folks, Sean Wright here for my final post. So, you have AGPM installed, but your Domain Admins continue using GPMC to create, delete, and modify Group Policy. You’ve asked nicely, but that hasn’t had much effect. Now you want to make your point, and prevent your Domain Admins from managing Group Policy the wrong… Read more

AGPM Operations (under the hood part 4: import and export)

Sean again, here for Part 4 of the Advanced Group Policy Management (AGPM) blog series, following the lifecycle of a Group Policy Object (GPO) as it transitions through various events. In this installment, we investigate what takes place when you use the Import and Export features within AGPM. With the use of Group Policy so… Read more

AGPM Operations (under the hood part 3: check in)

Sean again, here for Part 3 of the Advanced Group Policy Management (AGPM) blog series, following the lifecycle of a Group Policy Object (GPO) as it transitions through various AGPM-related events. In this installment, we investigate what takes place when you check-in a controlled GPO. Before editing an AGPM controlled GPO, it is checked-out. Similarly,… Read more

AGPM Operations (under the hood part 2: check out)

Sean again, here for Part 2 of the Advanced Group Policy Management (AGPM) blog series, following the lifecycle of a Group Policy Object (GPO) as it transitions through various events. In this installment, we investigate what takes place when you check-out a controlled GPO. Before editing an AGPM controlled GPO, it is checked out. There… Read more

Friday Mail Sack: No Redesign Edition

Hello folks, Ned here again. Today we talk PDCs, DFSN, DFSR, AGPM, authentication, PowerShell, Kerberos, event logs, and other random goo. Let’s get to it. PDCE and user auth DFSR full mesh recommendations Access Denied when delegating Kerberos Clearing Event Logs en mass Where to install AGPM Using Authentication Mechanism Assurance without MS PKI The… Read more

AGPM Production GPOs (under the hood)

Hello, Sean here. I’m a Directory Services engineer with Enterprise Platforms Support in Charlotte. Today, I’d like to talk about the inner workings of Advanced Group Policy Management (AGPM). Let’s begin by discovering what occurs behind the scenes when you take control of a Production GPO using AGPM. The term “Production GPO” is used frequently… Read more

AGPM Least Privilege Scenario

Mike here again. A customer recently asked how they should configure their Advanced Group Policy Management (AGPM) server using the least amount of privileges. AGPM Program Manager, Michael Kleef, posted a quick task list on his TechNet blog(http://blogs.technet.com/mkleef/archive/2008/11/18/locking-down-agpm-fit-for-least-privilege.aspx) , but I thought I’d take the opportunity to go into more detail and provided some additional… Read more