For the best web experience, please use IE11+, Chrome, Firefox, or Safari

GPOADmin

Simplify Active Directory GPO management and governance. Managing Active Directory group policy objects (GPOs) is a time-consuming challenge for most IT organizations. GPOADmin is a third-party GPO management and governance solution that allows you to search, administer, verify, compare, update, roll back and consolidate GPOs to ensure consistency and avoid long-term GPO proliferation. GPOADmin offers enhanced security and workflow capabilities allowing you to control and secure your Windows infrastructure while supporting governance initiatives.

 

Getting your GPO management right is critical — one wrong GPO with a seemingly innocuous setting can inflict massive detrimental effects to the security posture of thousands of systems in your network within minutes. With GPOADmin, you can automate critical Group Policy management and governance tasks to reduce risk and eliminate manual processes.

GPOADmin offers several GPO management features to simplify Active Directory group policy management, including version comparisons to improve GPO auditing, rapid rollback to quickly revert back to a working GPO, an approval-based workflow to ensure changes adhere to change management best practices, GPO consolidation to search for redundant or conflicting settings, automated attestation to continually validate GPOs, and GPO syncing to automate settings synchronization from master GPO to selected target GPOs.

As a GPO management solution, GPOADmin also provides additional features, including intuitive scheduling to implement or schedule approved changes, custom email templates for notifications, group policy lineage to test pre-production GPO clones, hidden pre-production GPO access control, protected settings policies with predetermined values, GPO check-in and check-out locking to prevent unauthorized changes, object management to assign responsibility for specific policies, and pre- and post-actions to execute custom actions before or after a Group Policy management change. These features enable easier GPO management and customization of group policies.

Key Benefits

Version comparisons

Improve Active Directory Group Policy management with GPO auditing and the ability to verify setting consistency quickly and easily with advanced, side-by-side GPO version comparisons at various intervals.

Rapid rollback

Quickly revert back to a working GPO in the event that a GPO change has an undesired effect. In seconds, the environment can be running smoothly again.

Approval-based workflow

Ensure changes adhere to change management best practices prior to deployment, a critical step in Active Directory GPO management.

GPO consolidation

Search for redundant or conflicting Group Policy settings, and merge them into a single GPO or create a new GPO based on the merged settings to avoid long-term GPO proliferation.

Automated attestation

Continually validate GPOs through automated attestation — a must for any third-party group policy management solution.
 

GPO Syncing

Automate settings synchronization from master GPO to selected target GPOs.

Features

Intuitive scheduling

Immediately implement or schedule approved changes to simplify the process, which makes Active Directory GPO management much more flexible.

Custom email templates

Enable customization of e-mail notifications with specific text and/or attachments by role (e.g., help desk).

Group Policy lineage

Test pre-production GPO clones before rolling them out to ensure their impact on the live environment.

Hidden pre-production GPO

Limit pre-production GPO access to you and other selected administrators with this third-party group policy management solution.

Protected settings policies

Improve Active Directory Group Policy management with the ability to define a list of GPO settings with predetermined values that must exist and cannot be modified.

GPO check-in and check-out locking

Easily prevent simultaneous editing conflicts or unwanted and unauthorized changes to production GPOs.

Object management

Assign responsibility for specific policies, either at the object- or container-level, to specific users, enabling admins to identify who is responsible for managing specific policies.

Pre- and post- actions

Enable users to execute custom actions before or after a GPOADmin change to facilitate integration with internal processes and systems.

FAQ

Microsoft Advanced Group Policy Management (AGPM) is a native Microsoft solution that extends the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved Group Policy management. However, Microsoft is on a path to end support for AGPM, as mainstream support ended in 2018 and extended support will end in 2026.

Group Policy management is one of the most important aspects of IT security. Almost every organization uses GPOs to configure and secure Active Directory. GPOs are built into every copy of Windows, so there isn’t anything that needs installing to use it. GPO management can control everything from password policy to Start menu layouts, and can be granularly applied so that particular settings are applied to only the right users and computers.

There are many specific examples of what can be managed through GPOs.

  • Lock an account after a certain number of incorrect passwords are entered.
  • Block unidentified users on remote computers from connecting to a network share.
  • Provide all business users a standard set of bookmarks so they can easily reach your helpdesk or access other important resources.
  • Restrict access to certain folders.
  • Install the same software on all of your domain controllers (DCs).
  • Disable the command prompt on users’ machines.
  • Ensure Windows updates are applied promptly.
  • Disable use of the NTLM v1 authentication protocol (which is weaker than Kerberos).

GPO management is important now more than ever because Active Directory Group Policy is an attractive target for hackers, and vulnerable on multiple fronts. First, it’s an open book. The design of Active Directory ensures that every user can see the policies you have, where they’re applied and who has access to them. IT teams usually use descriptive names for objects in Active Directory, which keeps things simple for them, but gives hackers critical information to exploit. Second, it’s often a “set it and forget it” technology. Group Policy management is very complex, with thousands of policies, delegations & modifications to manage. It can be incredibly hard to untangle and it’s risky to remove policies and delegated admins without proper research. As a result, too many organizations don’t even try. That leaves their IT ecosystem extremely vulnerable.

Tour

New! GPO Consolidation
Rollback
Custom workflow actions
Protected settings policies
Object management
Email approval
Custom email templates
GPO synchronization
GPO comparison
Group Policy Object merging options with GPO management tool

New! GPO Consolidation

Enhance Active Directory GPO management with the ability to select redundant or conflicting Group Policy settings and merge them into a single GPO, or create a new GPO.

Specifications

Processor

2Ghz CPU Memory

Memory

8Gb RAM

Hard disk space

1 Gb (prefer 50Gb if backups and reports stored on he same drive)

Operating systems

 

  • Windows® 11
  • Windows® Server 2022
  • Windows® 10

 

  • Windows® Server 2016
  • Windows® Server 2019
  • .NET Framework 4.8
  • GPMC Extension compatible for the system where you are installing GPOADmin
  • Microsoft Edge WebView2 Evergreen Bootstrapper 97.0.1072.69
  • Microsoft Exchange 2016
  • Microsoft Exchange 2019
  • Active Directory (not recommended)
  • AD LDS
  • Azure SQL managed instance
  • SQL Server (Supported version includes 2016, 2017, 2019 and 2022)
  • Note: GPOADmin supports SQL AlwaysOn Availability Groups and SQL Clusters for SQL data
  • Note: GPOADmin supports TLS 1.3; however, TLS 1.2 is still required to be enabled on the SQL Server due to Microsoft SQL Server 2022 requirements.
  • Network Share (recommended)
  • Active Directory (not recommended)
  • AD LDS
  • Azure SQL managed instance
  • SQL Server (Supported version includes 2016, 2017, 2019 and 2022)
  • Note: GPOADmin supports SQL AlwaysOn Availability Groups and SQL Clusters for SQL data
  • Note: GPOADmin supports TLS 1.3; however, TLS 1.2 is still required to be enabled on the SQL Server due to Microsoft SQL Server 2022 requirements.
  • Same system requirements as GPOADmin.

Support & services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Education Services

Training courses delivered through online web-based, on-site or virtual instructor-led.