Active Directory Group Policy Management (GPO Manager)

The easiest, most efficient way to manage your organization's Active Directory Group Policies

Group Policy Objects (GPOs) are constructs that are stored within Active Directory that allow IT administrators to control a wide variety of security settings and access permissions. Examples of how Active Directory Group Policy’s are typically used include:

  • Password policies
  • Allowed logon hours
  • What software is allowed on laptops or workstations
  • Ability to read-write-update directory data
  • File and printer permissions
  • Centralized view of tiered and delegated GPOs
  • Workflow management for policy approval
  • Policy check in and check out to help manage version control and inadvertent changes
  • Change control and rollback
  • Backup and restore
  • Built-in reports
  • Helps prove compliance to ITIL, MOF, SOX, Base I II, HIPAA and C-198

Active Directory Group Policy Management allows users administrators to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).

System Requirements: Any domain Join Windows Machine with minimum of 8GB of Ram, Microsoft .NET Framework 3.5 or Higher, GPMC

GPO tool

CionSystems GPOManager GPO Videos

Security issues are critical in any Enterprise, easily harden security with Active Directory Group Policy Management (GPOManager)

The Group Policy Objects (GPOs) are at the forefront of an organization's ability to roll out and control functional security. Core aspects of user life cycle such as password policies, logon hours, software distribution and other critical security settings are handled through GPOs. It is paramount for Organizations to have proper methods to control the settings of these GPOs and to deploy GPOs in a meaningful and safe manner with confidence, easily backup and restore GPOs when they are either incorrectly updated or corrupt.

GPO Manager Features

  • Version Comparisons: Quickly verify setting consistency and improve GPO auditing with advanced, side-by-side GPO version comparisons at different intervals.
  • Enhanced Group Policy Comparison: And side-by-side two distinct GPO'S, two Versions and with Existing GPO with a Checkout copy GPO comparisons to verify setting consistency.
  • GPO History and Compare: To record all changes to GPO's
  • Delete version history: To manage and reduce size of backup store
  • Undo GPO changes: Rolled back to previous versions.
  • Approval-based workflow: Process to ensure that changes adhere to change management best practices before their deployment.
  • Configure workflow: To enable organizational requirements and set for specified users or groups on edit settings, cloak and uncloak and lock and unlock.
  • Workflow Commenting: Track the request, review and approval process with comments and e-mail notifications at any stage.
  • Scheduling: Enable approved changes to be implemented immediately or on a schedule.
  • Microsoft Group Policy Management Console (GPMC): For familiar look and feel.
  • Cloaking: Hidden pre-production GPS from all but selected administrators.
  • GPO check-in: And check-out to prevent simultaneous editing conflicts.
  • GPO locking: To prevent unwanted changes to product GPOs.
  • Backup and Restore: Schedules all GPO's Backup or selected GPO's to be taken at a specified date and time.
  • Delegation and permissions management: Delegates or provide Read, Edit, Apply Permissions on GPO to Users.
  • Day to Day task: Perform common GPO Actions/Tasks like Create ,  Edit, Delete,  Link, Rename ,Backup, Import, Restore GPO, add comments to GPO, View, Enable, Disable.
  • Manage security: Apply Filters to GPO
  • Copy/Paste: Create a duplicate GPO with same settings.
  • Reports: Creates Report of all GPO'S at a specified Location.
  • Advance Categorizing:  Easily find GPOS that are Linked, Unlinked, Orphaned, Disabled and Deleted etc.
  • Replication: To replicate the data among the Available domain controllers.
  • Delegation: To grant Permission for Users to create GPO. To Apply WMI Filter.
  • Grant Permission on All GPO's: To grant permission for users on all GPO's to read, Edit, delete.

Preconfigured template policies for many different applications hardening and pre-configure the application settings

GPOManager provides many templates to harden different application settings and apply them to whole organization or OU or group. Policy templates for application like internet browsers and other are provided out of box.

GPO Manager tool

Microsoft Management Console (MMC)

While GPOs are very powerful, the challenge for most organizations trying to manage GPOs with native tools is that they can quickly proliferate to the point of being unmanageable. With native tools, it is common for I.T. administrators to have great difficulty determining exactly what the overall security policy is, and whether or not the GPOs are actually enforcing the policies they were intended to enforce.

CionSystems Active Directory Group Policy Management (GPO Manager) provides a robust Microsoft Management Console (MMC) snap-in that dramatically improves the ability of administrators to manage GPOs. GPOManager can be run as an independent application or as a MMC extension

CionSystems GPO

Configuring Role Based Delegation

You can manage permission of Group Policy Objects container for a given domain using CionSystems GPO Manager Delegation.

With GPO Manager Delegation the following Permissions can be delegated:

GPO Create Permission: The ability to grant users permissions to create GPOs

WMI Permission: The ability to grant users permissions to create and Edit WMI Filters

SOM Permissions:  The ability to link GPOs to a SOM, The ability to perform Group Policy Modeling analyses for objects in that SOM, The ability to collect Group Policy Results data for objects in that SOM.

check in GPO

Check In and Check Out Of GPOs

Before user can edit GPO, the GPO must be checked out. Double click on a GPO will automatically change the GPO state to check out

The workflow is as follows:

  • Check out the GPO from the system
  • Make the required edit and
  • Check in the changes to the system.

Version information is updated in the system's history when the GPO is checked back in. Only one person within the system can check out and work on any GPO at a given time.

Checking out a GPO for the first time creates a copy of the original GPO. The copy is an exact duplicate of the original GPO until it passes through the approval process.

Protect enterprise by protecting and enforcing secure GPO authoring process

CionSystems Active Directory Group Policy Management (GPO Manager) offers a mechanism to control this highly important component of Active Directory. GPOs, Scope of Management links, and WMI filters are backed up in a secure, distributed manner and then placed under version control.

GPO Manager Workflow

A workflow is a sequence of inter connected steps that carry out a process based task. A typical workflow contains three stages.

Administrators have flexibility and choose the relevant steps for their enterprise. Not all enterprise might require all stages of the workflow. In addition, disable the workflow if need be. Tasks that are waiting in stages are immediately notified to the right group via email.

Stages of Workflow

GPO Workflow


Easily control manage and un-manage group policy changes

Windows Group Policy is powerful and allows user centralized management. However, uncontrolled and unintentional changes can have disastrous consequences. For example, unintended effects of a GPO change could stop hundreds of users from logging on, exclude access to critical software applications, or expose system settings. The Group Policy Management Console (GPMC) from Microsoft is a useful tool for the individual administrator, but additional functionality-such as GPO workflow management, check in/check out, change control, backup/restore, reports and rollback-is needed to effectively manage GPOs across the enterprise.

Creating GPOs from Migration Table:

Using CionSystems GPO Manager, administrators can migrate GPOs from one domain to another new domain. This is a very powerful feature if you are looking to migrate GPOs and doesn't want to recreate these GPOs in the new domain.

GPO Scheduling

GPO Manager Benefits

  • Simplifies and automates critical tasks, reduces outages by eliminating manual process and scripts.
  • Helps prove compliance to ITIL, MOF, SOX, Basel II, HIPAA and C-198.
  • Improves availability and disaster recovery via backup and rollback capabilities.
  • Simplifies the enforcement of enterprise-wide business policies by enabling streamlined GPO control via workflow.
  • Simplifies and improves network security by restricting access to production GPOs.
  • Gives Active Directory administrators and security personnel's control of GPO changes, to eliminate system outages and security exposures.
  • Allows administrators to edit and test GPOs and have them approved before they are deployed.
  • Archives all GPO settings.
  • Leverages, complements and extends native Microsoft technology, including Group Policy Management Console (GPMC), to strengthen infrastructure investments.