This post is part of following article:
- Advanced Group Policy Management – Introduction
- Advanced Group Policy Management – Server Installation
- Advanced Group Policy Management – Client Installation
- Advanced Group Policy Management – Securing AGPM
Assuming that you already met all of perquisites described in part 1 of this installation guide, we can start AGPM installation now.
Step 1: Create two Active Directory Accounts:
- AGPM Administrator (for this article it will be agpm-administrator) – this account will be used as first, default Administrator account of AGPM. Using this account you will delegate permissions to others.
- AGPM Service Account (for this article it will be agpm-service) – this account will manage policies so it needs proper permissions on existing GPOs and Archive folder. This account has to be a member of “Group Policy Creator Owners” and “Backup Operators” in each domain that will be managed by AGPM.
Step 2: Now, you need to assign Full Control permissions on GPOs created prior to AGPM installation. To do so, download following package of scripts: Group Policy Management Console Sample Scripts (alternative: GPMCSampleScripts)and then run GrantPermissionOnAllGPOs.wsf using cscript. Example:
C:\Windows\System32>cscript.exe "c:\GPMC Sample Scripts\GrantPermissionOnAllGPOs.wsf" agpm-service /Permission:FullEdit /Domain:contoso.com
Step 3: Depending on your architecture run either x86 or x64 installation file from MDOP CD. Click on “Next”
Step 4: Accept license terms and continue
Step 5: Leave the defaults, click on “Next”
Step 6: In this step you specify path for archive of controlled Group Policies. For example it can be a network mapped drive located on SAN or simply, local path.
Step 7: Type in AGPM service account (created in Step 1) credentials – it has to have full access to all GPOs that it will manage (Step 2)
Step 8: Select an AGPM Administrator account that we have created in Step 1, it will be granted with Full permissions on newly installed AGPM server.
Step 9: Leave defaults and click “Next”:
Step 10: Select all languages that you will actually need and continue:
Step 11: Finally, to start the installation, click on “Install” button:
Step 12: After few seconds (or minutes if some components were missing and had to be installed) installation should be finished.
AGPM Server installation is done. Now, to be able to actually work with it, you have to install AGPM Client. It will be described in part3 of this article.