first test migration build of MDOP

mdop/TOC.md

@@ -1 +1,19 @@
-#[MDOP Placeholder](index.md)
+# [Microsoft Desktop Optimization Pack](index.md)
+## [Advanced Group Policy Management] (agpm/)
+## [Application Virtualization]()
+### [Application Virtualization 4](appv-v4/)
+### [Application Virtualization 5](appv-v5/)
+## [Diagnostics and Recovery Toolset]()
+### [Diagnostics and Recovery Toolset 10](dart-v10/)
+### [Diagnostics and Recovery Toolset 8](dart-v8/)
+### [Diagnostics and Recovery Toolset 7](dart-v7/)
+## [Microsoft Bitlocker Administration and Monitoring]()
+### [Microsoft Bitlocker Administration and Monitoring 2.5](mbam-v25/)
+### [Microsoft Bitlocker Administration and Monitoring 2](mbam-v2/)
+### [Microsoft Bitlocker Administration and Monitoring 1](mbam-v1/)
+## [Microsoft Enterprise Desktop Virtualization]()
+### [Microsoft Enterprise Desktop Virtualization 2](mdev-v2/)
+## [User Experience Virtualization]()
+### [User Experience Virtualization 2](uev-v2/)
+### [User Experience Virtualization 2](uev-v1/)
+## [MDOP Solutions and Scenarios](solutions/)

mdop/agpm/TOC.md

@@ -0,0 +1,243 @@
+# [Advanced Group Policy Management](index.md)
+## [Technical Overview of AGPM](technical-overview-of-agpm.md)
+## [Choosing Which Version of AGPM to Install](choosing-which-version-of-agpm-to-install.md)
+## [AGPM 4.0 SP3 [NavEngl]](agpm-40-sp3-navengl.md)
+### [What's New in AGPM 4.0 SP3](whats-new-in-agpm-40-sp3.md)
+#### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3](release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md)
+## [AGPM 4.0 SP2 [NavEngl]](agpm-40-sp2-navengl.md)
+### [What's New in AGPM 4.0 SP2](whats-new-in-agpm-40-sp2.md)
+#### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2](release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md)
+## [AGPM 4.0 SP1 [NavEngl]](agpm-40-sp1-navengl.md)
+### [What's New in AGPM 4.0 SP1](whats-new-in-agpm-40-sp1.md)
+### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1](release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md)
+## [AGPM 4 [NavEngl]](agpm-4-navengl.md)
+### [What's New in AGPM 4.0](whats-new-in-agpm-40.md)
+### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md)
+### [Operations Guide for Microsoft Advanced Group Policy Management 4.0](operations-guide-for-microsoft-advanced-group-policy-management-40.md)
+#### [Overview of Advanced Group Policy Management [AGPM40]](overview-of-advanced-group-policy-management-agpm40.md)
+#### [Best Practices for Version Control [AGPM40]](best-practices-for-version-control-agpm40.md)
+#### [Checklist: Administer the AGPM Server and Archive [AGPM40]](checklist-administer-the-agpm-server-and-archive-agpm40.md)
+#### [Checklist: Create, Edit, and Deploy a GPO [AGPM40]](checklist-create-edit-and-deploy-a-gpo-agpm40.md)
+#### [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md)
+#### [Performing AGPM Administrator Tasks [AGPM40]](performing-agpm-administrator-tasks-agpm40.md)
+##### [Configuring Advanced Group Policy Management [AGPM40]](configuring-advanced-group-policy-management-agpm40.md)
+###### [Configure AGPM Server Connections [AGPM40]](configure-agpm-server-connections-agpm40.md)
+###### [Configure E-Mail Notification [AGPM40]](configure-e-mail-notification-agpm40.md)
+###### [Configure E-Mail Security for AGPM [AGPM40]](configure-e-mail-security-for-agpm-agpm40.md)
+###### [Delegate Access to the Production Environment [AGPM40]](delegate-access-to-the-production-environment-agpm40.md)
+###### [Configure Logging and Tracing [AGPM40]](configure-logging-and-tracing-agpm40.md)
+##### [Managing the Archive [AGPM40]](managing-the-archive-agpm40.md)
+###### [Delegate Domain-Level Access to the Archive [AGPM40]](delegate-domain-level-access-to-the-archive-agpm40.md)
+###### [Delegate Access to an Individual GPO in the Archive [AGPM40]](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md)
+###### [Limit the GPO Versions Stored [AGPM40]](limit-the-gpo-versions-stored-agpm40.md)
+###### [Import a GPO from a File [AGPMAdmin]](import-a-gpo-from-a-file-agpmadmin.md)
+###### [Back Up the Archive [AGPM40]](back-up-the-archive-agpm40.md)
+###### [Restore the Archive from a Backup [AGPM40]](restore-the-archive-from-a-backup-agpm40.md)
+##### [Managing the AGPM Service [AGPM40]](managing-the-agpm-service-agpm40.md)
+###### [Start and Stop the AGPM Service [AGPM40]](start-and-stop-the-agpm-service-agpm40.md)
+###### [Modify the AGPM Service [AGPM40]](modify-the-agpm-service-agpm40.md)
+##### [Move the AGPM Server and the Archive [AGPM40]](move-the-agpm-server-and-the-archive-agpm40.md)
+#### [Performing Editor Tasks [AGPM40]](performing-editor-tasks-agpm40.md)
+##### [Creating or Controlling a GPO [AGPM40_Ed]](creating-or-controlling-a-gpo-agpm40-ed.md)
+###### [Request Control of an Uncontrolled GPO [AGPM40]](request-control-of-an-uncontrolled-gpo-agpm40.md)
+###### [Request the Creation of a New Controlled GPO [AGPM40]](request-the-creation-of-a-new-controlled-gpo-agpm40.md)
+###### [Import a GPO from Production [AGPM40_Ed]](import-a-gpo-from-production-agpm40-ed.md)
+##### [Editing a GPO [AGPM40]](editing-a-gpo-agpm40.md)
+###### [Edit a GPO Offline [AGPM40]](edit-a-gpo-offline-agpm40.md)
+###### [Label the Current Version of a GPO [AGPM40]](label-the-current-version-of-a-gpo-agpm40.md)
+###### [Rename a GPO or Template [AGPM40]](rename-a-gpo-or-template-agpm40.md)
+##### [Using a Test Environment](using-a-test-environment.md)
+###### [Export a GPO to a File](export-a-gpo-to-a-file.md)
+###### [Import a GPO from a File [Ed]](import-a-gpo-from-a-file-ed.md)
+###### [Test a GPO in a Separate Organizational Unit [AGPM40]](test-a-gpo-in-a-separate-organizational-unit-agpm40.md)
+##### [Request Deployment of a GPO [AGPM40]](request-deployment-of-a-gpo-agpm40.md)
+##### [Creating a Template and Setting a Default Template [AGPM40]](creating-a-template-and-setting-a-default-template-agpm40.md)
+###### [Create a Template [AGPM40]](create-a-template-agpm40.md)
+###### [Set a Default Template [AGPM40]](set-a-default-template-agpm40.md)
+##### [Deleting or Restoring a GPO [AGPM40]](deleting-or-restoring-a-gpo-agpm40.md)
+###### [Request Deletion of a GPO [AGPM40]](request-deletion-of-a-gpo-agpm40.md)
+###### [Request Restoration of a Deleted GPO [AGPM40]](request-restoration-of-a-deleted-gpo-agpm40.md)
+#### [Performing Approver Tasks [AGPM40]](performing-approver-tasks-agpm40.md)
+##### [Approve or Reject a Pending Action [AGPM40]](approve-or-reject-a-pending-action-agpm40.md)
+##### [Creating or Controlling a GPO [AGPM40_App]](creating-or-controlling-a-gpo-agpm40-app.md)
+###### [Control an Uncontrolled GPO [AGPM40]](control-an-uncontrolled-gpo-agpm40.md)
+###### [Create a New Controlled GPO [AGPM40]](create-a-new-controlled-gpo-agpm40.md)
+###### [Delegate Management of a Controlled GPO [AGPM40]](delegate-management-of-a-controlled-gpo-agpm40.md)
+###### [Import a GPO from Production [AGPM40_App]](import-a-gpo-from-production-agpm40-app.md)
+##### [Check In a GPO [AGPM40]](check-in-a-gpo-agpm40.md)
+##### [Deploy a GPO [AGPM40]](deploy-a-gpo-agpm40.md)
+##### [Roll Back to an Earlier Version of a GPO [AGPM40]](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md)
+##### [Deleting, Restoring, or Destroying a GPO [AGPM40]](deleting-restoring-or-destroying-a-gpo-agpm40.md)
+###### [Delete a Controlled GPO [AGPM40]](delete-a-controlled-gpo-agpm40.md)
+###### [Restore a Deleted GPO [AGPM40]](restore-a-deleted-gpo-agpm40.md)
+###### [Destroy a GPO [AGPM40]](destroy-a-gpo-agpm40.md)
+#### [Performing Reviewer Tasks [AGPM40]](performing-reviewer-tasks-agpm40.md)
+##### [Configure an AGPM Server Connection [AGPM40]](configure-an-agpm-server-connection-agpm40.md)
+##### [Review GPO Settings [AGPM40]](review-gpo-settings-agpm40.md)
+##### [Review GPO Links [AGPM40]](review-gpo-links-agpm40.md)
+##### [Identify Differences Between GPOs, GPO Versions, or Templates [AGPM40]](identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md)
+#### [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md)
+#### [User Interface: Advanced Group Policy Management [AGPM40]](user-interface-advanced-group-policy-management-agpm40.md)
+##### [Contents Tab [AGPM40]](contents-tab-agpm40.md)
+###### [Contents Tab Features [AGPM40]](contents-tab-features-agpm40.md)
+###### [History Window [AGPM40]](history-window-agpm40.md)
+###### [Controlled GPO Commands [AGPM40]](controlled-gpo-commands-agpm40.md)
+###### [Uncontrolled GPO Commands [AGPM40]](uncontrolled-gpo-commands-agpm40.md)
+###### [Pending GPO Commands [AGPM40]](pending-gpo-commands-agpm40.md)
+###### [Template Commands [AGPM40]](template-commands-agpm40.md)
+###### [Recycle Bin Commands [AGPM40]](recycle-bin-commands-agpm40.md)
+##### [Domain Delegation Tab [AGPM40]](domain-delegation-tab-agpm40.md)
+##### [AGPM Server Tab [AGPM40]](agpm-server-tab-agpm40.md)
+##### [Production Delegation Tab [AGPM40]](production-delegation-tab-agpm40.md)
+##### [Administrative Templates Folder [AGPM40]](administrative-templates-folder-agpm40.md)
+###### [Logging and Tracing Settings [AGPM40]](logging-and-tracing-settings-agpm40.md)
+###### [AGPM Server Connection Settings [AGPM40]](agpm-server-connection-settings-agpm40.md)
+###### [Feature Visibility Settings [AGPM40]](feature-visibility-settings-agpm40.md)
+### [Release Notes for Microsoft Advanced Group Policy Management 4.0](release-notes-for-microsoft-advanced-group-policy-management-40.md)
+## [AGPM 3 [NavEngl]](agpm-3-navengl.md)
+### [What's New in AGPM 3.0](whats-new-in-agpm-30.md)
+### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md)
+### [Operations Guide for Microsoft Advanced Group Policy Management 3.0 [AGPM30Ops]](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md)
+#### [Overview of Advanced Group Policy Management [AGPM30Ops]](overview-of-advanced-group-policy-management-agpm30ops.md)
+#### [Best Practices for Version Control](best-practices-for-version-control.md)
+#### [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive.md)
+#### [Checklist: Create, Edit, and Deploy a GPO [AGPM30Ops]](checklist-create-edit-and-deploy-a-gpo-agpm30ops.md)
+#### [Performing AGPM Administrator Tasks [AGPM30Ops]](performing-agpm-administrator-tasks-agpm30ops.md)
+##### [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+###### [Configure AGPM Server Connections [AGPM30Ops]](configure-agpm-server-connections-agpm30ops.md)
+###### [Configure E-Mail Notification [AGPM30Ops]](configure-e-mail-notification-agpm30ops.md)
+###### [Configure E-Mail Security for AGPM [AGPM30Ops]](configure-e-mail-security-for-agpm-agpm30ops.md)
+###### [Delegate Access to the Production Environment [AGPM30Ops]](delegate-access-to-the-production-environment-agpm30ops.md)
+###### [Configure Logging and Tracing [AGPM30Ops]](configure-logging-and-tracing-agpm30ops.md)
+##### [Managing the Archive](managing-the-archive.md)
+###### [Delegate Domain-Level Access to the Archive [AGPM30Ops]](delegate-domain-level-access-to-the-archive-agpm30ops.md)
+###### [Delegate Access to an Individual GPO in the Archive [AGPM30Ops]](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md)
+###### [Limit the GPO Versions Stored [AGPM30Ops]](limit-the-gpo-versions-stored-agpm30ops.md)
+###### [Back Up the Archive](back-up-the-archive.md)
+###### [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md)
+##### [Managing the AGPM Service [AGPM30Ops]](managing-the-agpm-service-agpm30ops.md)
+###### [Start and Stop the AGPM Service [AGPM30Ops]](start-and-stop-the-agpm-service-agpm30ops.md)
+###### [Modify the AGPM Service [AGPM30Ops]](modify-the-agpm-service-agpm30ops.md)
+##### [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md)
+#### [Performing Editor Tasks [AGPM30Ops]](performing-editor-tasks-agpm30ops.md)
+##### [Creating, Controlling, or Importing a GPO [AGPM30Ops]](creating-controlling-or-importing-a-gpo-agpm30ops.md)
+###### [Request Control of an Uncontrolled GPO [AGPM30Ops]](request-control-of-an-uncontrolled-gpo-agpm30ops.md)
+###### [Request the Creation of a New Controlled GPO [AGPM30Ops]](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md)
+###### [Import a GPO from Production [AGPM30Ops]](import-a-gpo-from-production-agpm30ops.md)
+##### [Editing a GPO [AGPM30Ops]](editing-a-gpo-agpm30ops.md)
+###### [Edit a GPO Offline [AGPM30Ops]](edit-a-gpo-offline-agpm30ops.md)
+###### [Use a Test Environment [AGPM30Ops]](use-a-test-environment-agpm30ops.md)
+###### [Request Deployment of a GPO [AGPM30Ops]](request-deployment-of-a-gpo-agpm30ops.md)
+###### [Label the Current Version of a GPO [AGPM30Ops]](label-the-current-version-of-a-gpo-agpm30ops.md)
+###### [Rename a GPO or Template [AGPM30Ops]](rename-a-gpo-or-template-agpm30ops.md)
+##### [Creating a Template and Setting a Default Template [AGPM30Ops]](creating-a-template-and-setting-a-default-template-agpm30ops.md)
+###### [Create a Template [AGPM30Ops]](create-a-template-agpm30ops.md)
+###### [Set a Default Template [AGPM30Ops]](set-a-default-template-agpm30ops.md)
+##### [Deleting or Restoring a GPO [AGPM30Ops]](deleting-or-restoring-a-gpo-agpm30ops.md)
+###### [Request Deletion of a GPO [AGPM30Ops]](request-deletion-of-a-gpo-agpm30ops.md)
+###### [Request Restoration of a Deleted GPO [AGPM30Ops]](request-restoration-of-a-deleted-gpo-agpm30ops.md)
+#### [Performing Approver Tasks [AGPM30Ops]](performing-approver-tasks-agpm30ops.md)
+##### [Approve or Reject a Pending Action [AGPM30Ops]](approve-or-reject-a-pending-action-agpm30ops.md)
+##### [Creating, Controlling, or Importing a GPO [Editor_AGPM30Ops]](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md)
+###### [Control an Uncontrolled GPO [AGPM30Ops]](control-an-uncontrolled-gpo-agpm30ops.md)
+###### [Create a New Controlled GPO [AGPM30Ops]](create-a-new-controlled-gpo-agpm30ops.md)
+###### [Delegate Management of a Controlled GPO [AGPM30Ops]](delegate-management-of-a-controlled-gpo-agpm30ops.md)
+###### [Import a GPO from Production [Editor_AGPM30Ops]](import-a-gpo-from-production-editor-agpm30ops.md)
+##### [Check In a GPO [AGPM30Ops]](check-in-a-gpo-agpm30ops.md)
+##### [Deploy a GPO [AGPM30Ops]](deploy-a-gpo-agpm30ops.md)
+##### [Roll Back to a Previous Version of a GPO [AGPM30Ops]](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md)
+##### [Deleting, Restoring, or Destroying a GPO [AGPM30Ops]](deleting-restoring-or-destroying-a-gpo-agpm30ops.md)
+###### [Delete a Controlled GPO [AGPM30Ops]](delete-a-controlled-gpo-agpm30ops.md)
+###### [Restore a Deleted GPO [AGPM30Ops]](restore-a-deleted-gpo-agpm30ops.md)
+###### [Destroy a GPO [AGPM30Ops]](destroy-a-gpo-agpm30ops.md)
+#### [Performing Reviewer Tasks [AGPM30Ops]](performing-reviewer-tasks-agpm30ops.md)
+##### [Configure an AGPM Server Connection [Reviewer_AGPM30Ops]](configure-an-agpm-server-connection-reviewer-agpm30ops.md)
+##### [Review GPO Settings [AGPM30Ops]](review-gpo-settings-agpm30ops.md)
+##### [Review GPO Links [AGPM30Ops]](review-gpo-links-agpm30ops.md)
+##### [Identify Differences Between GPOs, GPO Versions, or Templates [AGPM30Ops]](identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md)
+#### [Troubleshooting AGPM](troubleshooting-advanced-group-policy-management-agpm30ops.md)
+#### [User Interface: Advanced Group Policy Management [AGPM30Ops]](user-interface-advanced-group-policy-management-agpm30ops.md)
+##### [Contents Tab [AGPM30Ops]](contents-tab-agpm30ops.md)
+###### [Contents Tab Features [AGPM30Ops]](contents-tab-features-agpm30ops.md)
+###### [History Window [AGPM30Ops]](history-window-agpm30ops.md)
+###### [Controlled GPO Commands [AGPM30Ops]](controlled-gpo-commands-agpm30ops.md)
+###### [Uncontrolled GPO Commands [AGPM30Ops]](uncontrolled-gpo-commands-agpm30ops.md)
+###### [Pending GPO Commands [AGPM30Ops]](pending-gpo-commands-agpm30ops.md)
+###### [Template Commands [AGPM30Ops]](template-commands-agpm30ops.md)
+###### [Recycle Bin Commands [AGPM30Ops]](recycle-bin-commands-agpm30ops.md)
+##### [Domain Delegation Tab [AGPM30Ops]](domain-delegation-tab-agpm30ops.md)
+##### [AGPM Server Tab [AGPM30Ops]](agpm-server-tab-agpm30ops.md)
+##### [Production Delegation Tab [AGPM30Ops]](production-delegation-tab-agpm30ops.md)
+##### [Administrative Templates Folder [AGPM30Ops]](administrative-templates-folder-agpm30ops.md)
+###### [Logging and Tracing Settings [AGPM30Ops]](logging-and-tracing-settings-agpm30ops.md)
+###### [AGPM Server Connection Settings [AGPM30Ops]](agpm-server-connection-settings-agpm30ops.md)
+###### [Feature Visibility Settings [AGPM30Ops]](feature-visibility-settings-agpm30ops.md)
+## [AGPM 2.5 [NavEngl]](agpm-25-navengl.md)
+### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5](step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md)
+### [Operations Guide for Microsoft Advanced Group Policy Management 2.5](operations-guide-for-microsoft-advanced-group-policy-management-25.md)
+#### [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management.md)
+#### [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo.md)
+#### [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+##### [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md)
+##### [Configure E-Mail Notification](configure-e-mail-notification.md)
+##### [Delegate Domain-Level Access](delegate-domain-level-access.md)
+##### [Delegate Access to an Individual GPO](delegate-access-to-an-individual-gpo.md)
+##### [Configure Logging and Tracing](configure-logging-and-tracing.md)
+##### [Managing the AGPM Service](managing-the-agpm-service.md)
+###### [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md)
+###### [Modify the Archive Path](modify-the-archive-path.md)
+###### [Modify the AGPM Service Account](modify-the-agpm-service-account.md)
+###### [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md)
+#### [Performing Editor Tasks](performing-editor-tasks.md)
+##### [Creating, Controlling, or Importing a GPO [Editor]](creating-controlling-or-importing-a-gpo-editor.md)
+###### [Request Control of a Previously Uncontrolled GPO](request-control-of-a-previously-uncontrolled-gpo.md)
+###### [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md)
+###### [Import a GPO from Production [Editor]](import-a-gpo-from-production-editor.md)
+##### [Editing a GPO](editing-a-gpo.md)
+###### [Edit a GPO Offline](edit-a-gpo-offline.md)
+###### [Use a Test Environment](use-a-test-environment.md)
+###### [Request Deployment of a GPO](request-deployment-of-a-gpo.md)
+###### [Label the Current Version of a GPO](label-the-current-version-of-a-gpo.md)
+###### [Rename a GPO or Template](rename-a-gpo-or-template.md)
+##### [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md)
+###### [Create a Template](create-a-template.md)
+###### [Set a Default Template](set-a-default-template.md)
+##### [Delete a GPO [Editor]](delete-a-gpo-editor.md)
+#### [Performing Approver Tasks](performing-approver-tasks.md)
+##### [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md)
+##### [Creating, Controlling, or Importing a GPO [Approver]](creating-controlling-or-importing-a-gpo-approver.md)
+###### [Control a Previously Uncontrolled GPO](control-a-previously-uncontrolled-gpo.md)
+###### [Create a New Controlled GPO](create-a-new-controlled-gpo.md)
+###### [Delegate Access to a GPO](delegate-access-to-a-gpo.md)
+###### [Import a GPO from Production [Approver]](import-a-gpo-from-production-approver.md)
+##### [Check In a GPO [Approver]](check-in-a-gpo-approver.md)
+##### [Deploy a GPO](deploy-a-gpo.md)
+##### [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo.md)
+##### [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md)
+###### [Delete a GPO [Approver]](delete-a-gpo-approver.md)
+###### [Restore a Deleted GPO](restore-a-deleted-gpo.md)
+###### [Destroy a GPO](destroy-a-gpo.md)
+#### [Performing Reviewer Tasks](performing-reviewer-tasks.md)
+##### [Configure the AGPM Server Connection [Reviewer]](configure-the-agpm-server-connection-reviewer.md)
+##### [Review GPO Settings](review-gpo-settings.md)
+##### [Review GPO Links](review-gpo-links.md)
+##### [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates.md)
+#### [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management.md)
+#### [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md)
+##### [Contents Tab](contents-tab.md)
+###### [Controlled Tab](controlled-tab.md)
+###### [Uncontrolled Tab](uncontrolled-tab.md)
+###### [Pending Tab](pending-tab.md)
+###### [Templates Tab](templates-tab.md)
+###### [Recycle Bin Tab](recycle-bin-tab.md)
+###### [Common Secondary Tab Features](common-secondary-tab-features.md)
+###### [History Window](history-window.md)
+##### [Domain Delegation Tab](domain-delegation-tab.md)
+##### [AGPM Server Tab](agpm-server-tab.md)
+##### [Administrative Template Settings](administrative-template-settings.md)
+###### [Logging and Tracing Settings](logging-and-tracing-settings.md)
+###### [AGPM Server Connection Settings](agpm-server-connection-settings.md)
+###### [Feature Visibility Settings](feature-visibility-settings.md)
+##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md)
+## [Resources for AGPM](resources-for-agpm.md)
+

mdop/agpm/administrative-template-settings.md

@@ -0,0 +1,32 @@
+---
+title: Administrative Template Settings
+description: Administrative Template Settings
+ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d
+author: MaggiePucciEvans
+---
+
+# Administrative Template Settings
+
+
+The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM clients and servers to which a Group Policy object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** node and **History** tab for Group Policy administrators to whom a GPO with these settings is applied.
+
+-   [Logging and Tracing Settings](logging-and-tracing-settings.md)
+
+-   [AGPM Server Connection Settings](agpm-server-connection-settings.md)
+
+-   [Feature Visibility Settings](feature-visibility-settings.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/administrative-templates-folder-agpm30ops.md

@@ -0,0 +1,32 @@
+---
+title: Administrative Templates Folder
+description: Administrative Templates Folder
+ms.assetid: 0cc5b570-b6d3-4841-9646-02521c13519c
+author: MaggiePucciEvans
+---
+
+# Administrative Templates Folder
+
+
+The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Clients and AGPM Servers to which a Group Policy Object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a GPO with these settings is applied.
+
+-   [Logging and Tracing Settings](logging-and-tracing-settings-agpm30ops.md)
+
+-   [AGPM Server Connection Settings](agpm-server-connection-settings-agpm30ops.md)
+
+-   [Feature Visibility Settings](feature-visibility-settings-agpm30ops.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/administrative-templates-folder-agpm40.md

@@ -0,0 +1,32 @@
+---
+title: Administrative Templates Folder
+description: Administrative Templates Folder
+ms.assetid: abc41968-4505-4b09-94f2-67ee0e6c9aaf
+author: MaggiePucciEvans
+---
+
+# Administrative Templates Folder
+
+
+The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Clients and AGPM Servers to which a Group Policy Object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a GPO with these settings is applied.
+
+-   [Logging and Tracing Settings](logging-and-tracing-settings-agpm40.md)
+
+-   [AGPM Server Connection Settings](agpm-server-connection-settings-agpm40.md)
+
+-   [Feature Visibility Settings](feature-visibility-settings-agpm40.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-25-navengl.md

@@ -0,0 +1,22 @@
+---
+title: AGPM 2.5
+description: AGPM 2.5
+ms.assetid: 6db42f2e-88b2-4305-ab6b-d3cd0c5d686c
+author: MaggiePucciEvans
+---
+
+# AGPM 2.5
+
+
+-   [Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5](step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md)
+
+-   [Operations Guide for Microsoft Advanced Group Policy Management 2.5](operations-guide-for-microsoft-advanced-group-policy-management-25.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-3-navengl.md

@@ -0,0 +1,24 @@
+---
+title: AGPM 3
+description: AGPM 3
+ms.assetid: b0d0051d-2900-4a0f-8307-552ad26b0e3b
+author: MaggiePucciEvans
+---
+
+# AGPM 3
+
+
+-   [What's New in AGPM 3.0](whats-new-in-agpm-30.md)
+
+-   [Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md)
+
+-   [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-4-navengl.md

@@ -0,0 +1,26 @@
+---
+title: AGPM 4
+description: AGPM 4
+ms.assetid: 81693f30-1b8e-4e63-b1ac-e6de1bc30cc0
+author: MaggiePucciEvans
+---
+
+# AGPM 4
+
+
+-   [What's New in AGPM 4.0](whats-new-in-agpm-40.md)
+
+-   [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md)
+
+-   [Operations Guide for Microsoft Advanced Group Policy Management 4.0](operations-guide-for-microsoft-advanced-group-policy-management-40.md)
+
+-   [Release Notes for Microsoft Advanced Group Policy Management 4.0](release-notes-for-microsoft-advanced-group-policy-management-40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-40-sp1-navengl.md

@@ -0,0 +1,22 @@
+---
+title: AGPM 4.0 SP1
+description: AGPM 4.0 SP1
+ms.assetid: 4e55d9e6-635c-4ba6-acbb-ed1d1b580a5b
+author: MaggiePucciEvans
+---
+
+# AGPM 4.0 SP1
+
+
+-   [What's New in AGPM 4.0 SP1](whats-new-in-agpm-40-sp1.md)
+
+-   [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1](release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-40-sp2-navengl.md

@@ -0,0 +1,22 @@
+---
+title: AGPM 4.0 SP2
+description: AGPM 4.0 SP2
+ms.assetid: 915c9791-ac07-43db-bd53-957b641c700f
+author: MaggiePucciEvans
+---
+
+# AGPM 4.0 SP2
+
+
+-   [What's New in AGPM 4.0 SP2](whats-new-in-agpm-40-sp2.md)
+
+-   [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2](release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-40-sp3-navengl.md

@@ -0,0 +1,22 @@
+---
+title: AGPM 4.0 SP3
+description: AGPM 4.0 SP3
+ms.assetid: cd80eea9-601f-4e45-b89e-c3904addee37
+author: MaggiePucciEvans
+---
+
+# AGPM 4.0 SP3
+
+
+-   [What's New in AGPM 4.0 SP3](whats-new-in-agpm-40-sp3.md)
+
+-   [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3](release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-connection-settings-agpm30ops.md

@@ -0,0 +1,53 @@
+---
+title: AGPM Server Connection Settings
+description: AGPM Server Connection Settings
+ms.assetid: 5f03e397-b868-4c49-9cbf-a5f5d0ddcc39
+author: MaggiePucciEvans
+---
+
+# AGPM Server Connection Settings
+
+
+You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied.
+
+The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Setting</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>AGPM: Specify default AGPM Server (all domains)</strong></p></td>
+<td align="left"><p>This policy setting allows you to specify a default AGPM Server for all domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to another archive. You can override this default for individual domains using the <strong>AGPM: Specify AGPM Servers</strong> setting.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>AGPM: Specify AGPM Servers</strong></p></td>
+<td align="left"><p>This policy setting allows you to specify the AGPM Servers for individual domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to a different archive for the specified domain. To specify a default AGPM Server, use the <strong>AGPM: Specify default AGPM Server (all domains)</strong> setting and use this policy setting to override the default on a per domain basis.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-connection-settings-agpm40.md

@@ -0,0 +1,53 @@
+---
+title: AGPM Server Connection Settings
+description: AGPM Server Connection Settings
+ms.assetid: cc67f122-6309-4820-92c2-f6a27d897123
+author: MaggiePucciEvans
+---
+
+# AGPM Server Connection Settings
+
+
+You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied.
+
+The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Setting</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>AGPM: Specify default AGPM Server (all domains)</strong></p></td>
+<td align="left"><p>This policy setting allows you to specify a default AGPM Server for all domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to another archive. You can override this default for individual domains using the <strong>AGPM: Specify AGPM Servers</strong> setting.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>AGPM: Specify AGPM Servers</strong></p></td>
+<td align="left"><p>This policy setting allows you to specify the AGPM Servers for individual domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to a different archive for the specified domain. To specify a default AGPM Server, use the <strong>AGPM: Specify default AGPM Server (all domains)</strong> setting and use this policy setting to override the default on a per domain basis.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Administrative Templates Folder](administrative-templates-folder-agpm40.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-connection-settings.md

@@ -0,0 +1,55 @@
+---
+title: AGPM Server Connection Settings
+description: AGPM Server Connection Settings
+ms.assetid: faf78e5b-2b0d-4069-9b8c-910add892200
+author: MaggiePucciEvans
+---
+
+# AGPM Server Connection Settings
+
+
+You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy object (GPO) with these settings is applied.
+
+The following settings are available under User Configuration\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. If this path is not visible, right-click **Administrative Templates**, and add the agpm.admx or agpm.adm template.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Setting</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>AGPM Server (all domains)</strong></p></td>
+<td align="left"><p>If enabled, this setting centrally configures one AGPM Server connection for use by all domains and disables the settings on the <strong>AGPM Server</strong> tab for Group Policy administrators. For multiple AGPM Servers, configure this setting with a default server and then configure the <strong>AGPM Server</strong> setting in the Administrative template to override this server for other domains.</p>
+<p>If disabled or not configured, each Group Policy administrator must select the AGPM Server to display for each domain on the <strong>AGPM Server</strong> tab in AGPM.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>AGPM Server</strong></p></td>
+<td align="left"><p>If enabled, this setting centrally configures multiple domain-specific AGPM Servers, overriding the <strong>AGPM Server (all domains)</strong> setting in the Administrative template. If your environment requires only a single AGPM Server, use only the <strong>AGPM Server (all domains)</strong> setting in the Administrative template.</p>
+<p>If disabled or not configured, the <strong>AGPM Server (all domains)</strong> setting in the Administrative template configures the AGPM Server connection.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Administrative Template Settings](administrative-template-settings.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-tab-agpm30ops.md

@@ -0,0 +1,47 @@
+---
+title: AGPM Server Tab
+description: AGPM Server Tab
+ms.assetid: fb3b0265-53ed-4bf6-88a4-c409f5f1bed4
+author: MaggiePucciEvans
+---
+
+# AGPM Server Tab
+
+
+The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port, and to delete older versions of Group Policy Objects (GPOs) from the archive to conserve disk space on the AGPM Server.
+
+## Specifying the AGPM Server
+
+
+The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied. The default port for Advanced Group Policy Management (AGPM) is port 4600.
+
+If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab for configuring the connection are unavailable. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md).
+
+## Deleting old GPO versions
+
+
+By default, all versions of every controlled GPO are retained in the archive. However, you can configure the AGPM Service to limit the number of versions retained for each GPO and automatically delete the oldest version when that limit is exceeded. Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit.
+
+**Note**  
+The maximum number of unique versions to store for each GPO does not include the current version, so entering 0 retains only the current version. The limit must be no greater than 999 versions.
+
+When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable.
+
+ 
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-tab-agpm40.md

@@ -0,0 +1,47 @@
+---
+title: AGPM Server Tab
+description: AGPM Server Tab
+ms.assetid: a6689437-233e-4f33-a0d6-f7d432c96c00
+author: MaggiePucciEvans
+---
+
+# AGPM Server Tab
+
+
+The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port, and to delete older versions of Group Policy Objects (GPOs) from the archive to conserve disk space on the AGPM Server.
+
+## Specifying the AGPM Server
+
+
+The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied. The default port for Advanced Group Policy Management (AGPM) is port 4600.
+
+If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab for configuring the connection are unavailable. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md).
+
+## Deleting old GPO versions
+
+
+By default, all versions of every controlled GPO are retained in the archive. However, you can configure the AGPM Service to limit the number of versions retained for each GPO and automatically delete the oldest version when that limit is exceeded. Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit.
+
+**Note**  
+The maximum number of unique versions to store for each GPO does not include the current version, so entering 0 retains only the current version. The limit must be no greater than 999 versions.
+
+When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable.
+
+ 
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/agpm-server-tab.md

@@ -0,0 +1,32 @@
+---
+title: AGPM Server Tab
+description: AGPM Server Tab
+ms.assetid: ce4490b7-b564-49af-8962-858ee39e0016
+author: MaggiePucciEvans
+---
+
+# AGPM Server Tab
+
+
+The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port. The default port for Advanced Group Policy Management (AGPM) is port 4600.
+
+The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied.
+
+If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab are unavailable. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md).
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md)
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md

@@ -0,0 +1,53 @@
+---
+title: Approve or Reject a Pending Action
+description: Approve or Reject a Pending Action
+ms.assetid: 6d78989a-b600-4876-9dd9-bc6207ff2ce7
+author: MaggiePucciEvans
+---
+
+# Approve or Reject a Pending Action
+
+
+The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy Object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. Reports can assist an Approver with evaluating a new version of a GPO.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To approve or reject a pending request**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Pending** tab to display the pending GPOs.
+
+3.  Right-click a pending GPO, and then click either **Approve** or **Reject**.
+
+4.  If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on an item in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed.
+
+    **Note**  
+    If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request.
+
+     
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/approve-or-reject-a-pending-action-agpm40.md

@@ -0,0 +1,53 @@
+---
+title: Approve or Reject a Pending Action
+description: Approve or Reject a Pending Action
+ms.assetid: 078ea8b5-9ac5-45fc-9ac1-a1aa629c10b4
+author: MaggiePucciEvans
+---
+
+# Approve or Reject a Pending Action
+
+
+The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy Object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. Reports can assist an Approver with evaluating a new version of a GPO.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To approve or reject a pending request**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Pending** tab to display the pending GPOs.
+
+3.  Right-click a pending GPO, and then click either **Approve** or **Reject**.
+
+4.  If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on an item in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed.
+
+    **Note**  
+    If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request.
+
+     
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/approve-or-reject-a-pending-action.md

@@ -0,0 +1,53 @@
+---
+title: Approve or Reject a Pending Action
+description: Approve or Reject a Pending Action
+ms.assetid: 22921a51-50fb-4a47-bec1-4f563f523675
+author: MaggiePucciEvans
+---
+
+# Approve or Reject a Pending Action
+
+
+The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. The report capabilities of Advanced Group Policy Management (AGPM) can assist an Approver with evaluating a new version of a GPO.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To approve or reject a pending request**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Pending** tab to display the pending GPOs.
+
+3.  Right-click a pending GPO, and then click either **Approve** or **Reject**.
+
+4.  If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on a node in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed.
+
+    **Note**  
+    If an Approver's e-mail address is included in the **To** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request.
+
+     
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/back-up-the-archive-agpm40.md

@@ -0,0 +1,45 @@
+---
+title: Back Up the Archive
+description: Back Up the Archive
+ms.assetid: 538d85eb-3596-4c1d-bbd7-26bc28857c28
+author: MaggiePucciEvans
+---
+
+# Back Up the Archive
+
+
+To help in the recovery of the archive for Advanced Group Policy Management (AGPM) if there is a disaster, an AGPM Administrator (Full Control) should back up the archive frequently. By default, the archive is created in %ProgramData%\\Microsoft\\AGPM. However, you can specify a different path during the setup of Microsoft Advanced Group Policy Management - Server.
+
+A user account that has access to both the AGPM Server—the computer on which the AGPM Service is installed—and to the folder that contains the archive is required to complete this procedure.
+
+**To back up the archive**
+
+1.  Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md).
+
+2.  Back up the archive folder by using Windows Explorer, Xcopy, Windows Server® Backup, or another backup tool. Make sure that you back up hidden, system, and read-only files.
+
+3.  Store the archive backup in a secure location.
+
+4.  Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md).
+
+**Note**  
+If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy.
+
+ 
+
+### Additional references
+
+-   [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md)
+
+-   [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md)
+
+-   [Managing the Archive](managing-the-archive-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/back-up-the-archive.md

@@ -0,0 +1,45 @@
+---
+title: Back Up the Archive
+description: Back Up the Archive
+ms.assetid: 400176da-3518-4475-ad19-c96cda6ca7ba
+author: MaggiePucciEvans
+---
+
+# Back Up the Archive
+
+
+To help in the recovery of the archive for Advanced Group Policy Management (AGPM) if there is a disaster, an AGPM Administrator (Full Control) should back up the archive frequently. By default, the archive is created in %ProgramData%\\Microsoft\\AGPM. However, you can specify a different path during the setup of Microsoft Advanced Group Policy Management - Server.
+
+A user account that has access to both the AGPM Server—the computer on which the AGPM Service is installed—and to the folder that contains the archive is required to complete this procedure.
+
+**To back up the archive**
+
+1.  Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md).
+
+2.  Back up the archive folder by using Windows Explorer, Xcopy, Windows Server® Backup, or another backup tool. Make sure that you back up hidden, system, and read-only files.
+
+3.  Store the archive backup in a secure location.
+
+4.  Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md).
+
+**Note**  
+If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy.
+
+ 
+
+### Additional references
+
+-   [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md)
+
+-   [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md)
+
+-   [Managing the Archive](managing-the-archive.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/best-practices-for-version-control-agpm40.md

@@ -0,0 +1,36 @@
+---
+title: Best Practices for Version Control
+description: Best Practices for Version Control
+ms.assetid: 4a2a1ac7-67f3-4ba3-ab07-860d33da0efe
+author: MaggiePucciEvans
+---
+
+# Best Practices for Version Control
+
+
+Microsoft Advanced Group Policy Management (AGPM) provides version control for Group Policy Objects (GPOs) much like Microsoft Visual SourceSafe® provides version control for source code. Developers can use Visual SourceSafe to manage multiple versions of each source file. Group Policy administrators can use AGPM to do the same for GPOs. When you use AGPM, Group Policy administrators should be aware of best practices that apply to any version control system:
+
+-   **Date and time:** AGPM stamps each version of a GPO with the date and time. To ensure that history is accurate, especially when you edit GPOs on more than one computer, make sure that each computer synchronizes its clock with one authoritative time source.
+
+-   **Check in GPOs when you are finished editing them:** It is common for Editors to check out GPOs and forget to check them back into the archive. However, this can prevent other Group Policy administrators from changing the GPO. Always check GPOs back in to AGPM immediately when you are finished editing.
+
+-   **Save changes frequently:** When you edit a GPO, save changes frequently. Most Editors check out a GPO, make many changes, and then check the GPO into the archive. Instead, check the GPO into the archive regularly, and then check it out again. The detail can be as small as checking in the GPO after you change every setting (not recommended) or checking in the GPO after you make groups of related changes. The result is a better-documented history for each GPO that can help when troubleshooting issues.
+
+-   **Deploy GPOs frequently:** Do not let new and edited GPOs that have not yet been deployed accumulate in large numbers in the archive. Instead, deploy new and edited GPOs as soon as possible so that they have a minimum effect on the production environment. Deploying many new and edited GPOs at one time can jeopardize the production environment.
+
+-   **Document the purpose of changes when you check in GPOs:** Any Reviewer can compare versions of a GPO to see specific changes between the two. Documenting those specific changes adds no value. Instead, document the intent and purpose of a change instead of documenting what Reviewers can see by viewing difference reports. Version comments should add value to the comparison report and help a Reviewer understand why the Editor changed the GPO.
+
+-   **Test GPOs in a test environment:** Deploying GPOs to the production environment without testing them is risky. Instead, test your GPOs in a domain in a test forest, and then export the GPOs to files and import them to a domain in a production forest. Also, you can link GPOs to an organizational unit that contains test computers and users. Verify that each GPO functions correctly in the test environment and then deploy the GPOs to the production environment.
+
+### Additional references
+
+-   [Advanced Group Policy Management 4.0](../agpm/advanced-group-policy-management-40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/best-practices-for-version-control.md

@@ -0,0 +1,36 @@
+---
+title: Best Practices for Version Control
+description: Best Practices for Version Control
+ms.assetid: 89067f6a-f7ea-4dad-999d-118284cf6c5a
+author: MaggiePucciEvans
+---
+
+# Best Practices for Version Control
+
+
+Microsoft Advanced Group Policy Management (AGPM) provides version control for Group Policy Objects (GPOs) much like Microsoft Visual SourceSafe® provides version control for source code. Developers can use Visual SourceSafe to manage multiple versions of each source file. Group Policy administrators can use AGPM to do the same for GPOs. When you use AGPM, Group Policy administrators should be aware of best practices that apply to any version control system:
+
+-   **Date and time:** AGPM stamps each version of a GPO with the date and time. To ensure that history is accurate, especially when you edit GPOs on more than one computer, make sure that each computer synchronizes its clock with one authoritative time source.
+
+-   **Check in GPOs when you are finished editing them:** It is common for Editors to check out GPOs and forget to check them back into the archive. However, this can prevent other Group Policy administrators from changing the GPO. Always check GPOs back in to AGPM immediately when you are finished editing.
+
+-   **Save changes frequently:** When you edit a GPO, save changes frequently. Most Editors check out a GPO, make many changes, and then check the GPO into the archive. Instead, check the GPO into the archive regularly, and then check it out again. The detail can be as small as checking in the GPO after you change every setting (not recommended) or checking in the GPO after you make groups of related changes. The result is a better-documented history for each GPO that can help when troubleshooting issues.
+
+-   **Deploy GPOs frequently:** Do not let new and edited GPOs that have not yet been deployed accumulate in large numbers in the archive. Instead, deploy new and edited GPOs as soon as possible so that they have a minimum effect on the production environment. Deploying many new and edited GPOs at one time can jeopardize the production environment.
+
+-   **Document the purpose of changes when you check in GPOs:** Any Reviewer can compare versions of a GPO to see specific changes between the two. Documenting those specific changes adds no value. Instead, document the intent and purpose of a change instead of documenting what Reviewers can see by viewing difference reports. Version comments should add value to the comparison report and help a Reviewer understand why the Editor changed the GPO.
+
+-   **Test GPOs in a lab before you deploy:** Deploying GPOs to the production environment without first testing them is risky. Instead, test GPOs in a lab environment by linking them to an organizational unit that contains test computers and users, and then verifying that they function correctly. After verifying each GPO in the lab, deploy the GPO to the production environment.
+
+### Additional references
+
+-   [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/check-in-a-gpo-agpm30ops.md

@@ -0,0 +1,46 @@
+---
+title: Check In a GPO
+description: Check In a GPO
+ms.assetid: 437397db-c94b-4940-b1a4-05442619ebee
+author: MaggiePucciEvans
+---
+
+# Check In a GPO
+
+
+Ordinarily, Editors should check in Group Policy Objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md).) However, if the Editor is unavailable, an Approver can also check in a GPO.
+
+A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To check in a GPO that has been checked out by an Editor**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+    -   To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm.
+
+    -   To retain changes made by the Editor, right-click the GPO and then click **Check In**.
+
+3.  Type a comment to be displayed in the audit trail of the GPO, and then click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**.
+
+### Additional considerations
+
+-   By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md)
+
+-   [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/check-in-a-gpo-agpm40.md

@@ -0,0 +1,46 @@
+---
+title: Check In a GPO
+description: Check In a GPO
+ms.assetid: b838c8a2-eb9e-4e5b-8740-d7701a4294ac
+author: MaggiePucciEvans
+---
+
+# Check In a GPO
+
+
+Ordinarily, Editors should check in Group Policy Objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md).) However, if the Editor is unavailable, an Approver can also check in a GPO.
+
+A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To check in a GPO that has been checked out by an Editor**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+    -   To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm.
+
+    -   To retain changes made by the Editor, right-click the GPO and then click **Check In**.
+
+3.  Type a comment to be displayed in the audit trail of the GPO, and then click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**.
+
+### Additional considerations
+
+-   By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm40.md)
+
+-   [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/check-in-a-gpo-approver.md

@@ -0,0 +1,46 @@
+---
+title: Check In a GPO
+description: Check In a GPO
+ms.assetid: e428cfff-651f-4903-bf01-d742714d2fa9
+author: MaggiePucciEvans
+---
+
+# Check In a GPO
+
+
+Ordinarily, Editors should check in Group Policy objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline.md).) However, if the Editor is unavailable, an Approver can also check in a GPO.
+
+A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To check in a GPO that has been checked out by an Editor**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs.
+
+    -   To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm.
+
+    -   To retain changes made by the Editor, right-click the GPO and then click **Check In**.
+
+3.  Type a comment to be displayed in the audit trail of the GPO, and then click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**.
+
+### Additional considerations
+
+-   By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks.md)
+
+-   [Edit a GPO Offline](edit-a-gpo-offline.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md

@@ -0,0 +1,84 @@
+---
+title: Checklist Administer the AGPM Server and Archive
+description: Checklist Administer the AGPM Server and Archive
+ms.assetid: d9c60203-90c2-48a7-9318-197e0ec5038b
+author: MaggiePucciEvans
+---
+
+# Checklist: Administer the AGPM Server and Archive
+
+
+In Advanced Group Policy Management (AGPM), both the AGPM Service and the archive are managed by AGPM Administrators (Full Control). The following are typical tasks for an AGPM Administrator.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Frequent Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Delegate access to Group Policy Objects (GPOs) in the archive.</p></td>
+<td align="left"><p>[Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm40.md)</p>
+<p>[Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Back up the archive to enable disaster recovery.</p></td>
+<td align="left"><p>[Back Up the Archive](back-up-the-archive-agpm40.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Infrequent Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Restore the archive from a backup to recover from a disaster.</p></td>
+<td align="left"><p>[Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Move the AGPM Service, the archive, or both to a different server.</p></td>
+<td align="left"><p>[Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.</p></td>
+<td align="left"><p>[Modify the AGPM Service](modify-the-agpm-service-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Troubleshoot common problems with the AGPM Server.</p></td>
+<td align="left"><p>[Troubleshooting AGPM](troubleshooting-agpm-agpm40.md)</p>
+<p>[Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Advanced Group Policy Management 4.0](../agpm/advanced-group-policy-management-40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/checklist-administer-the-agpm-server-and-archive.md

@@ -0,0 +1,84 @@
+---
+title: Checklist Administer the AGPM Server and Archive
+description: Checklist Administer the AGPM Server and Archive
+ms.assetid: 0b2eb536-c3cc-462f-a42f-27a53f57bc55
+author: MaggiePucciEvans
+---
+
+# Checklist: Administer the AGPM Server and Archive
+
+
+In Advanced Group Policy Management (AGPM), both the AGPM Service and the archive are managed by AGPM Administrators (Full Control). The following are typical tasks for an AGPM Administrator.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Frequent Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Delegate access to Group Policy Objects (GPOs) in the archive.</p></td>
+<td align="left"><p>[Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm30ops.md)</p>
+<p>[Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Back up the archive to enable disaster recovery.</p></td>
+<td align="left"><p>[Back Up the Archive](back-up-the-archive.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Infrequent Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Restore the archive from a backup to recover from a disaster.</p></td>
+<td align="left"><p>[Restore the Archive from a Backup](restore-the-archive-from-a-backup.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Move the AGPM Service, the archive, or both to a different server.</p></td>
+<td align="left"><p>[Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.</p></td>
+<td align="left"><p>[Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Troubleshoot common problems with the AGPM Server.</p></td>
+<td align="left"><p>[Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management-agpm30ops.md)</p>
+<p>[Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md

@@ -0,0 +1,66 @@
+---
+title: Checklist Create, Edit, and Deploy a GPO
+description: Checklist Create, Edit, and Deploy a GPO
+ms.assetid: a7a17706-304a-4455-9ada-52508ec620f1
+author: MaggiePucciEvans
+---
+
+# Checklist: Create, Edit, and Deploy a GPO
+
+
+In an environment where multiple people make changes to Group Policy Objects (GPOs) using Advanced Group Policy Management (AGPM), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Editor requests the creation of a new GPO or an Approver creates a new GPO.</p></td>
+<td align="left"><p>[Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md)</p>
+<p>[Create a New Controlled GPO](create-a-new-controlled-gpo-agpm30ops.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Approver approves the creation of the GPO if it was requested by an Editor.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.</p></td>
+<td align="left"><p>[Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Editor requests deployment of the GPO to the production environment.</p></td>
+<td align="left"><p>[Request Deployment of a GPO](request-deployment-of-a-gpo-agpm30ops.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Reviewers, such as Approvers or Editors, analyze the GPO.</p></td>
+<td align="left"><p>[Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Approver approves and deploys the GPO to the production environment or rejects the GPO.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+[Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md

@@ -0,0 +1,70 @@
+---
+title: Checklist Create, Edit, and Deploy a GPO
+description: Checklist Create, Edit, and Deploy a GPO
+ms.assetid: 44631bed-16d2-4b5a-af70-17a73fb5f6af
+author: MaggiePucciEvans
+---
+
+# Checklist: Create, Edit, and Deploy a GPO
+
+
+In an environment where multiple people change Group Policy Objects (GPOs) by using Advanced Group Policy Management (AGPM), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Editor requests that a new GPO be created or an Approver creates a new GPO.</p></td>
+<td align="left"><p>[Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md)</p>
+<p>[Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Approver approves the creation of the GPO if it was requested by an Editor.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Editor checks out a copy of the GPO from the archive so that no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.</p></td>
+<td align="left"><p>[Edit a GPO Offline](edit-a-gpo-offline-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>If developing in a test forest, Editor exports the GPO to a file, transfers the file to the production forest, and imports the file. Additionally, an Editor can link the GPO to an organizational unit that contains test computers and users.</p></td>
+<td align="left"><p>[Using a Test Environment](using-a-test-environment.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Editor requests deployment of the GPO to the production environment of the domain.</p></td>
+<td align="left"><p>[Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Reviewers, such as Approvers or Editors, analyze the GPO.</p></td>
+<td align="left"><p>[Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Approver approves and deploys the GPO to the production environment of the domain or rejects the GPO.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+[Advanced Group Policy Management 4.0](../agpm/advanced-group-policy-management-40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md

@@ -0,0 +1,62 @@
+---
+title: Checklist Create, Edit, and Deploy a GPO
+description: Checklist Create, Edit, and Deploy a GPO
+ms.assetid: 614e2d9a-c18b-4f62-99fd-e17a2ac8559d
+author: MaggiePucciEvans
+---
+
+# Checklist: Create, Edit, and Deploy a GPO
+
+
+In an environment where multiple people make changes to Group Policy objects (GPOs), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Task</th>
+<th align="left">Reference</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Editor requests the creation of a new GPO or an Approver creates a new GPO.</p></td>
+<td align="left"><p>[Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md)</p>
+<p>[Create a New Controlled GPO](create-a-new-controlled-gpo.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Approver approves the creation of the GPO if it was requested by an Editor.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.</p></td>
+<td align="left"><p>[Edit a GPO Offline](edit-a-gpo-offline.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Editor requests deployment of the GPO to the production environment.</p></td>
+<td align="left"><p>[Request Deployment of a GPO](request-deployment-of-a-gpo.md)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Reviewers, such as Approvers or Editors, analyze the GPO.</p></td>
+<td align="left"><p>[Performing Reviewer Tasks](performing-reviewer-tasks.md)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Approver approves and deploys the GPO to the production environment or rejects the GPO.</p></td>
+<td align="left"><p>[Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md)</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/choosing-which-version-of-agpm-to-install.md

@@ -0,0 +1,294 @@
+---
+title: Choosing Which Version of AGPM to Install
+description: Choosing Which Version of AGPM to Install
+ms.assetid: 31357d2a-bc23-4e15-93f4-0beda8ab7a7b
+author: MaggiePucciEvans
+---
+
+# Choosing Which Version of AGPM to Install
+
+
+Each release of Microsoft Advanced Group Policy Management (AGPM) supports specific versions of the Windows operating system. We strongly recommend that you run the AGPM Client and AGPM Server on the same line of operating systems, for example, Windows 8.1 with Windows Server 2012 R2, Windows 8 with Windows Server 2012, and so on.
+
+We recommend that you install the AGPM Server on the most recent version of the operating system in the domain. AGPM uses the Group Policy Management Console (GPMC) to back up and restore Group Policy Objects (GPOs). Because newer versions of the GPMC provide additional policy settings that are not available in earlier versions, you can manage more policy settings by using the most recent version of the operating system.
+
+All versions of AGPM can manage only the policy settings that were introduced in the same version or an earlier version of the operating system on which AGPM is running. For example, if you install AGPM 4.0 SP2 on Windows Server 2012, you can manage policy settings that were introduced in Windows Server 2012 or earlier, but you cannot manage policy settings that were introduced later, in Windows 8.1 or Windows Server 2012 R2.
+
+If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For information about which policy settings are available with which operating systems, see the [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/?LinkId=157345).
+
+## AGPM 4.0 SP3
+
+
+If you are using computers that are running Windows 10 to manage GPOs, you must use AGPM 4.0 SP3. You cannot install earlier versions of AGPM on computers that are running the Windows 10 operating system.
+
+Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and the policy settings that you can manage by using AGPM 4.0 SP3.
+
+**Table 1: AGPM  4.0 SP3 supported operating systems and policy settings**
+
+<table>
+<colgroup>
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left"><strong>Supported configurations for the AGPM Server</strong></th>
+<th align="left"><strong>Supported configurations for the AGPM Client</strong></th>
+<th align="left"><strong>AGPM Support</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Windows 10</p></td>
+<td align="left"><p>Windows 10</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2012 R2 or Windows 8.1</p></td>
+<td align="left"><p>Windows Server 2012 R2 or Windows 8.1</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8</p></td>
+<td align="left"><p>Windows Server 2012 or Windows 8</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Not supported</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## AGPM 4.0 SP2
+
+
+If you are using computers that are running Windows Server 2012 R2 or Windows 8.1 to manage GPOs, you must use AGPM 4.0 SP2. You cannot install earlier versions of AGPM on computers that are running those operating systems.
+
+Table 1 lists the operating systems on which you can install AGPM 4.0 SP2, and the policy settings that you can manage by using AGPM 4.0 SP2.
+
+**Table 2: AGPM 4.0 SP2 supported operating systems and policy settings**
+
+<table>
+<colgroup>
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left"><strong>Supported configurations for the AGPM Server</strong></th>
+<th align="left"><strong>Supported configurations for the AGPM Client</strong></th>
+<th align="left"><strong>AGPM Support</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Windows Server 2012 R2 or Windows 8.1</p></td>
+<td align="left"><p>Windows Server 2012 R2 or Windows 8.1</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8</p></td>
+<td align="left"><p>Windows Server 2012 or Windows 8</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Not supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## AGPM 4.0 SP1
+
+
+Table 2 lists the operating systems on which you can install AGPM 4.0 SP1, and the policy settings that you can manage by using AGPM 4.0 SP1.
+
+**Table 3: AGPM 4.0 SP1 supported operating systems and policy settings**
+
+<table>
+<colgroup>
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left"><strong>Supported configurations for the AGPM Server</strong></th>
+<th align="left"><strong>Supported configurations for the AGPM Client</strong></th>
+<th align="left"><strong>AGPM Support</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Windows Server 2012 or Windows 8</p></td>
+<td align="left"><p>Windows Server 2012 or Windows 8</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows 8</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2, Windows 8, or Windows 7</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## AGPM 4.0
+
+
+Table 3 lists the operating systems on which you can install AGPM 4.0, and the policy settings that you can manage by using AGPM 4.0.
+
+**Table 4: AGPM 4.0 supported operating systems and policy settings**
+
+<table>
+<colgroup>
+<col width="33%" />
+<col width="33%" />
+<col width="33%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Supported operating systems for the AGPM Server</th>
+<th align="left">Supported operating systems for the AGPM Client</th>
+<th align="left">AGPM Support</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2008 R2 or Windows 7</p></td>
+<td align="left"><p>Not supported</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Windows Server 2008 or Windows Vista with SP1</p></td>
+<td align="left"><p>Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Versions of AGPM that precede AGPM 4.0
+
+
+Table 4 lists the operating systems on which you can install the versions of AGPM that precede AGPM 4.0. If an operating system is not listed, you cannot install AGPM on that operating system.
+
+**Table 5: Supported operating systems for versions of AGPM that precede AGPM 4.0**
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Operating system</th>
+<th align="left">Version of AGPM that can be installed</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p>Windows Server 2008</p></td>
+<td align="left"><p>3.0</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Vista with SP1</p></td>
+<td align="left"><p>3.0</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p>Windows Vista with no service pack installed (32-bit)</p></td>
+<td align="left"><p>2.5</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p>Windows Server 2003 (32-bit)</p></td>
+<td align="left"><p>2.5</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## How to Get MDOP Technologies
+
+
+AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+
+## Related topics
+
+
+[Advanced Group Policy Management](index.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/common-secondary-tab-features.md

@@ -0,0 +1,127 @@
+---
+title: Common Secondary Tab Features
+description: Common Secondary Tab Features
+ms.assetid: 44a15c28-944c-49c1-8534-115ce1c362ed
+author: MaggiePucciEvans
+---
+
+# Common Secondary Tab Features
+
+
+Each secondary tab has two sections—**Group Policy objects** and **Groups and Users**.
+
+## Group Policy objects section
+
+
+The **Group Policy objects** section displays a filtered list of Group Policy objects (GPOs) and identifies the following characteristics for each GPO:
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">GPO Characteristic</th>
+<th align="left">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Name</strong></p></td>
+<td align="left"><p>Name of the Group Policy object.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Computer (Comp.)</strong></p></td>
+<td align="left"><p>Automatically generated version of the Computer Configuration portion of the GPO.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>User</strong></p></td>
+<td align="left"><p>Automatically generated version of the User Configuration portion of the GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>State</strong></p></td>
+<td align="left"><p>The state of the selected GPO:</p>
+<p><img src="images/36f6b687-f5cc-40d1-805f-b191d1fb1ace.gif" alt="Deployed GPO icon" /> <strong>Uncontrolled:</strong> Not managed by AGPM.</p>
+<p><img src="images/57b610a5-1c71-4d26-9173-d04abd495fcc.gif" alt="Checked in GPO icon" /> <strong>Checked In:</strong> Available for authorized Editors to check out for editing or for a Group Policy administrator to deploy.</p>
+<p><img src="images/8e7a7c4e-809a-435a-8b29-30d797936210.gif" alt="Checked out GPO icon" /> <strong>Checked Out:</strong> Currently being edited. Unavailable for other Editors to check out until the Editor who checked it out or an AGPM Administrator checks it in.</p>
+<p><img src="images/0840a6a3-54a6-4528-98a9-7b122243c1a5.gif" alt="Pending GPO icon" /> <strong>Pending:</strong> Awaiting approval from a Group Policy administrator before being created, controlled, deployed, or deleted.</p>
+<p><img src="images/57b610a5-1c71-4d26-9173-d04abd495fcc.gif" alt="Checked in GPO icon" /> <strong>Deleted:</strong> Deleted from the archive, but still able to be restored.</p>
+<p><img src="images/9b65829d-253c-4f30-9295-c816a6521ed2.gif" alt="Template icon" /> <strong>Template:</strong> A static version of a GPO for use as a starting point when creating new GPOs.</p>
+<p><img src="images/cd349b8d-c4d8-45ff-b17f-7db882502c58.gif" alt="Default template icon" /> <strong>Template (default):</strong> By default, this template is the starting point used when creating a new GPO.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>GPO Status</strong></p></td>
+<td align="left"><p>The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>WMI Filter</strong></p></td>
+<td align="left"><p>Display any WMI filters that are applied to this GPO. WMI filters are managed under the <strong>WMI Filters</strong> node for the domain in the console tree of the GPMC.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Modified</strong></p></td>
+<td align="left"><p>For a controlled GPO, the most recent date when it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Owner</strong></p></td>
+<td align="left"><p>The Editor who checked in or the Approver who deployed the selected GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Groups and Users section
+
+
+When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, and Reviewer) or a customized combination of permissions.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Button</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Add</strong></p></td>
+<td align="left"><p>Add a new entry to the security descriptor. Any user or group in Active Directory can be added.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Remove</strong></p></td>
+<td align="left"><p>Remove the selected entry from the Access Control List.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Properties</strong></p></td>
+<td align="left"><p>Display the properties for the selected object. The properties page is the same one displayed for an object in <strong>Active Directory Users and Computers</strong>.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Advanced</strong></p></td>
+<td align="left"><p>Open the <strong>Access Control List Editor</strong>.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional considerations
+
+-   For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md), [Performing Editor Tasks](performing-editor-tasks.md), [Performing Approver Tasks](performing-approver-tasks.md), and [Performing Reviewer Tasks](performing-reviewer-tasks.md).
+
+### Additional references
+
+-   [Contents Tab](contents-tab.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-agpm-server-connections-agpm30ops.md

@@ -0,0 +1,101 @@
+---
+title: Configure AGPM Server Connections
+description: Configure AGPM Server Connections
+ms.assetid: 6062b77b-2fd7-442c-ad1b-6f14419ebd5f
+author: MaggiePucciEvans
+---
+
+# Configure AGPM Server Connections
+
+
+All versions of each controlled Group Policy Object (GPO) are stored in a central archive so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic.
+
+## Configuring AGPM Server connections
+
+
+As an AGPM Administrator, you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the associated setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain.
+
+-   [Configure an AGPM Server connection for all Group Policy administrators](#bkmk-defaultarchiveloc)
+
+-   [Configure additional AGPM Server connections for all Group Policy administrators](#bkmk-additionalarchiveloc)
+
+-   [Manually configure an AGPM Server connection for your account](#bkmk-manuallyconfigurearchiveloc)
+
+### <a href="" id="bkmk-defaultarchiveloc"></a>
+
+**To configure an AGPM Server connection for all Group Policy administrators**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).)
+
+2.  In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**.
+
+3.  In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**.
+
+4.  In the **Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600).
+
+5.  Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Management Editor** window and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-additionalarchiveloc"></a>
+
+**To configure additional AGPM Server connections for all Group Policy administrators**
+
+1.  If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains.
+
+2.  To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).)
+
+3.  In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and then **AGPM**.
+
+4.  In the details pane, double-click **AGPM: Specify AGPM Servers**.
+
+5.  In the **Properties** window, select the **Enabled** check box, and click **Show**.
+
+6.  In the **Show Contents** window:
+
+    1.  Click **Add**.
+
+    2.  For **Value Name**, type the domain name (for example, server1.contoso.com).
+
+    3.  For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md).)
+
+    4.  Repeat for each domain not using the default AGPM Server.
+
+7.  Click **OK** to close the **Show Contents** and **Properties** windows.
+
+8.  Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-manuallyconfigurearchiveloc"></a>
+
+If you have centrally configured the AGPM Server connection, the option to manually configure it is unavailable for all Group Policy administrators.
+
+**To manually configure which AGPM Server to display for your account**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab.
+
+3.  Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600).
+
+4.  Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail.
+
+-   The selected AGPM Server determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-agpm-server-connections-agpm40.md

@@ -0,0 +1,101 @@
+---
+title: Configure AGPM Server Connections
+description: Configure AGPM Server Connections
+ms.assetid: bbbb15e8-35e7-403c-b695-7a6ebeb87839
+author: MaggiePucciEvans
+---
+
+# Configure AGPM Server Connections
+
+
+All versions of each controlled Group Policy Object (GPO) are stored in a central archive so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic.
+
+## Configuring AGPM Server connections
+
+
+As an AGPM Administrator, you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the associated setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain.
+
+-   [Configure an AGPM Server connection for all Group Policy administrators](#bkmk-defaultarchiveloc)
+
+-   [Configure additional AGPM Server connections for all Group Policy administrators](#bkmk-additionalarchiveloc)
+
+-   [Manually configure an AGPM Server connection for your account](#bkmk-manuallyconfigurearchiveloc)
+
+### <a href="" id="bkmk-defaultarchiveloc"></a>
+
+**To configure an AGPM Server connection for all Group Policy administrators**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).)
+
+2.  In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**.
+
+3.  In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**.
+
+4.  In the **Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600).
+
+5.  Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Management Editor** window and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-additionalarchiveloc"></a>
+
+**To configure additional AGPM Server connections for all Group Policy administrators**
+
+1.  If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains.
+
+2.  To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).)
+
+3.  In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and then **AGPM**.
+
+4.  In the details pane, double-click **AGPM: Specify AGPM Servers**.
+
+5.  In the **Properties** window, select the **Enabled** check box, and click **Show**.
+
+6.  In the **Show Contents** window:
+
+    1.  Click **Add**.
+
+    2.  For **Value Name**, type the domain name (for example, server1.contoso.com).
+
+    3.  For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md).)
+
+    4.  Repeat for each domain not using the default AGPM Server.
+
+7.  Click **OK** to close the **Show Contents** and **Properties** windows.
+
+8.  Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-manuallyconfigurearchiveloc"></a>
+
+If you have centrally configured the AGPM Server connection, the option to manually configure it is unavailable for all Group Policy administrators.
+
+**To manually configure which AGPM Server to display for your account**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab.
+
+3.  Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600).
+
+4.  Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail.
+
+-   The selected AGPM Server determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-an-agpm-server-connection-agpm40.md

@@ -0,0 +1,38 @@
+---
+title: Configure an AGPM Server Connection
+description: Configure an AGPM Server Connection
+ms.assetid: 409cbbcf-3b0e-459d-9bd2-75cb7b9430b0
+author: MaggiePucciEvans
+---
+
+# Configure an AGPM Server Connection
+
+
+To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured an AGPM Server connection for you, then you must manually configure it.
+
+**To select an AGPM Server**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab:
+
+    -   If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator.
+
+    -   If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+### Additional references
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md

@@ -0,0 +1,42 @@
+---
+title: Configure an AGPM Server Connection
+description: Configure an AGPM Server Connection
+ms.assetid: ae78dc74-111d-4509-b0a6-e8b8b451c22a
+author: MaggiePucciEvans
+---
+
+# Configure an AGPM Server Connection
+
+
+To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured an AGPM Server connection for you, then you must manually configure it.
+
+**To select an AGPM Server**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab:
+
+    -   If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator.
+
+    -   If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+### Additional references
+
+-   [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md)
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-e-mail-notification-agpm30ops.md

@@ -0,0 +1,50 @@
+---
+title: Configure E-Mail Notification
+description: Configure E-Mail Notification
+ms.assetid: b32ce395-d1b9-4c5b-b765-97cdbf455f9e
+author: MaggiePucciEvans
+---
+
+# Configure E-Mail Notification
+
+
+When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy Object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To configure e-mail notification for AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **Domain Delegation** tab.
+
+3.  In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
+
+4.  In the **To e-mail address** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval.
+
+5.  In the **SMTP server** field, type a valid SMTP mail server.
+
+6.  In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service.
+
+7.  Click **Apply**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain.
+
+-   E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment.
+
+-   By default, e-mail messages sent as a result of actions in Advanced Group Policy Management (AGPM) are not encrypted. However, you can configure e-mail security for AGPM using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. For more information, see [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm30ops.md)
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-e-mail-notification-agpm40.md

@@ -0,0 +1,50 @@
+---
+title: Configure E-Mail Notification
+description: Configure E-Mail Notification
+ms.assetid: 06f19556-f296-4a80-86a4-4f446c992204
+author: MaggiePucciEvans
+---
+
+# Configure E-Mail Notification
+
+
+When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy Object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To configure e-mail notification for AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **Domain Delegation** tab.
+
+3.  In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
+
+4.  In the **To e-mail address** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval.
+
+5.  In the **SMTP server** field, type a valid SMTP mail server.
+
+6.  In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service.
+
+7.  Click **Apply**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain.
+
+-   E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment.
+
+-   By default, e-mail messages sent as a result of actions in Advanced Group Policy Management (AGPM) are not encrypted. However, you can configure e-mail security for AGPM using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. For more information, see [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm40.md).
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-e-mail-notification.md

@@ -0,0 +1,48 @@
+---
+title: Configure E-Mail Notification
+description: Configure E-Mail Notification
+ms.assetid: 6e152de0-4376-4963-8d1a-3e7f5866d30f
+author: MaggiePucciEvans
+---
+
+# Configure E-Mail Notification
+
+
+When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To configure e-mail notification for AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **Domain Delegation** tab.
+
+3.  In the **From** field, type the e-mail alias for AGPM from which notifications should be sent.
+
+4.  In the **To** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval.
+
+5.  In the **SMTP server** field, type a valid SMTP mail server.
+
+6.  In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service.
+
+7.  Click **Apply**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain.
+
+-   E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment.
+
+### Additional references
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md

@@ -0,0 +1,83 @@
+---
+title: Configure E-Mail Security for AGPM
+description: Configure E-Mail Security for AGPM
+ms.assetid: 4850ed8e-a1c6-43f0-95c5-853aa66a94ae
+author: MaggiePucciEvans
+---
+
+# Configure E-Mail Security for AGPM
+
+
+By default, e-mail notifications sent because of actions in Advanced Group Policy Management (AGPM) are not encrypted and are sent through SMTP port 25. However, you can configure e-mail security for AGPM by using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use.
+
+By encrypting AGPM e-mail notifications, you can better protect those that could reveal sensitive information about your organization’s security. Encrypting e-mail notifications is recommended when they are being relayed through remote mail servers, and may be required by some compliance regulations.
+
+**Caution**  
+Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
+
+ 
+
+A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic.
+
+**To configure e-mail security for AGPM by using Group Policy preferences**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all AGPM Servers for which you want to configure e-mail security. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).)
+
+2.  In the **Group Policy Management Editor** window, expand the **Computer Configuration**, **Preferences**, **Windows Settings**, and **Registry** folders.
+
+3.  In the console tree, right-click **Registry**, point to **New**, click **Collection Item**, and type **AGPM e-mail security**.
+
+4.  Create a Registry preference item to turn on encryption:
+
+    1.  In the console tree, right-click **AGPM e-mail security**, point to **New**, and then click **Registry Item**.
+
+    2.  In the **New Registry Properties** dialog box, select the **Update** action.
+
+    3.  For **Hive**, select **HKEY\_LOCAL\_MACHINE**.
+
+    4.  For **Key Path**, type **SOFTWARE\\Microsoft\\AGPM**.
+
+    5.  For **Value name**, type **EncryptSmtp**.
+
+    6.  For **Value type**, select **REG\_DWORD**.
+
+    7.  For **Base**, select **Decimal**, and for **Value data**, type **1** to use SSL encryption, or **0** to let e-mail to be sent without encryption. By default, e-mail is sent without encryption.
+
+    8.  Click **OK**.
+
+5.  Create a Registry preference item to specify the SMTP port:
+
+    1.  In the console tree, right-click **AGPM E-mail security**, point to **New**, and then click **Registry Item**.
+
+    2.  In the **New Registry Properties** dialog box, select the **Update** action.
+
+    3.  For **Hive**, select **HKEY\_LOCAL\_MACHINE**.
+
+    4.  For **Key Path** dialog box, type **SOFTWARE\\Microsoft\\AGPM**.
+
+    5.  For **Value name**, type **SmtpPort**.
+
+    6.  For **Value type**, select **REG\_DWORD**.
+
+    7.  For **Base**, select **Decimal**, and for **Value data**, type a port number for the SMTP port. By default, the SMTP port is port 25 if encryption is not enabled or port 587 if SSL encryption is enabled.
+
+    8.  Click **OK**.
+
+6.  Close the **Group Policy Management Editor** window, and then check in and deploy the GPO. For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to configure registry settings by using Group Policy Preferences. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail.
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md

@@ -0,0 +1,79 @@
+---
+title: Configure E-Mail Security for AGPM
+description: Configure E-Mail Security for AGPM
+ms.assetid: b9c48894-0a10-4d03-8027-50ed3b02485a
+author: MaggiePucciEvans
+---
+
+# Configure E-Mail Security for AGPM
+
+
+By default, e-mail notifications sent because of actions in Advanced Group Policy Management (AGPM) are not encrypted and are sent through SMTP port 25. However, you can configure e-mail security for AGPM by using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use.
+
+By encrypting AGPM e-mail notifications, you can better protect those that could reveal sensitive information about your organization’s security. Encrypting e-mail notifications is recommended when they are being relayed through remote mail servers, and may be required by some compliance regulations.
+
+**Caution**  
+Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
+
+ 
+
+A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic.
+
+**To configure e-mail security for AGPM by using Group Policy preferences**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all AGPM Servers for which you want to configure e-mail security. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).)
+
+2.  In the **Group Policy Management Editor** window, expand the **Computer Configuration**, **Preferences**, **Windows Settings**, and **Registry** folders.
+
+3.  In the console tree, right-click **Registry**, point to **New**, click **Collection Item**, and type **AGPM e-mail security**.
+
+4.  Create a Registry preference item to turn on encryption:
+
+    1.  In the console tree, right-click **AGPM e-mail security**, point to **New**, and then click **Registry Item**.
+
+    2.  In the **New Registry Properties** dialog box, select the **Update** action.
+
+    3.  For **Hive**, select **HKEY\_LOCAL\_MACHINE**.
+
+    4.  For **Key Path**, type **SOFTWARE\\Microsoft\\AGPM**.
+
+    5.  For **Value name**, type **EncryptSmtp**.
+
+    6.  For **Value type**, select **REG\_DWORD**.
+
+    7.  For **Base**, select **Decimal**, and for **Value data**, type **1** to use SSL encryption, or **0** to let e-mail to be sent without encryption. By default, e-mail is sent without encryption. Click **OK**.
+
+5.  Create a Registry preference item to specify the SMTP port:
+
+    1.  In the console tree, right-click **AGPM E-mail security**, point to **New**, and then click **Registry Item**.
+
+    2.  In the **New Registry Properties** dialog box, select the **Update** action.
+
+    3.  For **Hive**, select **HKEY\_LOCAL\_MACHINE**.
+
+    4.  For **Key Path** dialog box, type **SOFTWARE\\Microsoft\\AGPM**.
+
+    5.  For **Value name**, type **SmtpPort**.
+
+    6.  For **Value type**, select **REG\_DWORD**.
+
+    7.  For **Base**, select **Decimal**, and for **Value data**, type a port number for the SMTP port. By default, the SMTP port is port 25 if encryption is not enabled or port 587 if SSL encryption is enabled. Click **OK**.
+
+6.  Close the **Group Policy Management Editor** window, and then check in and deploy the GPO. For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to configure registry settings by using Group Policy Preferences. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail.
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-logging-and-tracing-agpm30ops.md

@@ -0,0 +1,50 @@
+---
+title: Configure Logging and Tracing
+description: Configure Logging and Tracing
+ms.assetid: 4f89552f-e949-48b0-9325-23746034eaa4
+author: MaggiePucciEvans
+---
+
+# Configure Logging and Tracing
+
+
+You can centrally configure optional logging and tracing using Administrative templates. This may be helpful when diagnosing any problems related to Advanced Group Policy Management (AGPM).
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account with the necessary permissions in AGPM is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic.
+
+**To configure logging and tracing for AGPM**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).)
+
+2.  In the **Group Policy Management Editor** window, click **Computer Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**.
+
+3.  In the details pane, double-click **AGPM: Configure logging**.
+
+4.  In the **Properties** window, click **Enabled**, and configure the level of detail to record in the logs.
+
+5.  Click **OK**.
+
+6.  Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) After Group Policy is updated, you must restart the AGPM Service to start, modify, or stop logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to start, modify, or stop logging on their computers.
+
+    **Trace file locations**:
+
+    -   Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log
+
+    -   Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail.
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-logging-and-tracing-agpm40.md

@@ -0,0 +1,50 @@
+---
+title: Configure Logging and Tracing
+description: Configure Logging and Tracing
+ms.assetid: 2418cb6a-7189-4080-8fe2-9c8d47dec62c
+author: MaggiePucciEvans
+---
+
+# Configure Logging and Tracing
+
+
+You can centrally configure optional logging and tracing using Administrative templates. This may be helpful when diagnosing any problems related to Advanced Group Policy Management (AGPM).
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account with the necessary permissions in AGPM is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic.
+
+**To configure logging and tracing for AGPM**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).)
+
+2.  In the **Group Policy Management Editor** window, click **Computer Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**.
+
+3.  In the details pane, double-click **AGPM: Configure logging**.
+
+4.  In the **Properties** window, click **Enabled**, and configure the level of detail to record in the logs.
+
+5.  Click **OK**.
+
+6.  Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) After Group Policy is updated, you must restart the AGPM Service to start, modify, or stop logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to start, modify, or stop logging on their computers.
+
+    **Trace file locations**:
+
+    -   Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log
+
+    -   Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail.
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-logging-and-tracing.md

@@ -0,0 +1,58 @@
+---
+title: Configure Logging and Tracing
+description: Configure Logging and Tracing
+ms.assetid: 419231f9-e9db-4f91-a7cf-a0a73db25256
+author: MaggiePucciEvans
+---
+
+# Configure Logging and Tracing
+
+
+You can centrally configure optional logging and tracing for Advanced Group Policy Management (AGPM) using Administrative templates.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic.
+
+**To configure logging and tracing for AGPM**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo.md).)
+
+2.  In the **Group Policy Object Editor**, click **Computer Configuration**, **Administrative Templates**, and **Windows Components**.
+
+3.  If **AGPM** is not listed under **Windows Components**:
+
+    1.  Right-click **Administrative Templates** and click **Add/Remove Templates**.
+
+    2.  Click **Add**, select **agpm.admx** or **agpm.adm**, click **Open**, and then click **Close**.
+
+4.  Under **Windows Components**, double-click **AGPM**.
+
+5.  In the details pane, double-click **AGPM Logging**.
+
+6.  In the **AGPM Logging Properties** window, click **Enabled**, and configure the level of detail to record in the logs.
+
+7.  Click **OK**.
+
+8.  Close the **Group Policy Object Editor**. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) After Group Policy is updated, you must restart the AGPM Service to begin logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to begin logging on their computers.
+
+    **Trace file locations**:
+
+    -   Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log
+
+    -   Server: %CommonAppData%\\Microsoft\\AGPM\\agpmserv.log
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to confige AGPM logging and tracing. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail.
+
+### Additional references
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-the-agpm-server-connection-reviewer.md

@@ -0,0 +1,42 @@
+---
+title: Configure the AGPM Server Connection
+description: Configure the AGPM Server Connection
+ms.assetid: 74e8f348-a8ed-4d69-a8e0-9c974aaeca2d
+author: MaggiePucciEvans
+---
+
+# Configure the AGPM Server Connection
+
+
+To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured the AGPM Server connection for you, then you must manually configure it.
+
+**To select an AGPM Server**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab:
+
+    -   If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator.
+
+    -   If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+### Additional references
+
+-   [Performing Editor Tasks](performing-editor-tasks.md)
+
+-   [Performing Approver Tasks](performing-approver-tasks.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configure-the-agpm-server-connection.md

@@ -0,0 +1,109 @@
+---
+title: Configure the AGPM Server Connection
+description: Configure the AGPM Server Connection
+ms.assetid: 9a42b5bc-41be-44ef-a6e2-6f56e2cf1996
+author: MaggiePucciEvans
+---
+
+# Configure the AGPM Server Connection
+
+
+Advanced Group Policy Management (AGPM) stores all versions of each controlled Group Policy object (GPO) in a central archive, so Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic.
+
+## Configuring the AGPM Server connection
+
+
+As an AGPM Administrator (Full Control), you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain.
+
+-   [Configure an AGPM Server for all Group Policy administrators](#bkmk-defaultarchiveloc)
+
+-   [Configure additional AGPM Servers for all Group Policy administrators](#bkmk-additionalarchiveloc)
+
+-   [Manually configure an AGPM Server for your account](#bkmk-manuallyconfigurearchiveloc)
+
+### <a href="" id="bkmk-defaultarchiveloc"></a>
+
+**To configure an AGPM Server for all Group Policy administrators**
+
+1.  In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo.md).)
+
+2.  In the **Group Policy Object Editor**, click **User Configuration**, **Administrative Templates**, and **Windows Components**.
+
+3.  If **AGPM** is not listed under **Windows Components**:
+
+    1.  Right-click **Administrative Templates** and click **Add/Remove Templates**.
+
+    2.  Click **Add**, select **agpm.admx** or **agpm.adm**, click **Open**, and then click **Close**.
+
+4.  Under **Windows Components**, double-click **AGPM**.
+
+5.  In the details pane, double-click **AGPM Server (all domains)**.
+
+6.  In the **AGPM Server (all domains) Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600).
+
+7.  Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Object Editor** and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-additionalarchiveloc"></a>
+
+**To configure additional AGPM Servers for all Group Policy administrators**
+
+1.  If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains.
+
+2.  To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo.md).)
+
+3.  Under **User Configuration** in the **Group Policy Object Editor**, double-click **Administrative Templates**, **Windows Components**, and then **AGPM**.
+
+4.  In the details pane, double-click **AGPM Server**.
+
+5.  In the **AGPM Server Properties** window, select the **Enabled** check box, and click **Show**.
+
+6.  In the **Show Contents** window:
+
+    1.  Click **Add**.
+
+    2.  For **Value Name**, type the domain name (for example, server1.contoso.com).
+
+    3.  For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md).)
+
+    4.  Repeat for each domain not using the default AGPM Server.
+
+7.  Click **OK** to close the **Show Contents** and **AGPM Server Properties** windows.
+
+8.  Close the **Group Policy Object Editor**. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators.
+
+### <a href="" id="bkmk-manuallyconfigurearchiveloc"></a>
+
+If you have centrally configured the AGPM Server connection, the option to manually it is unavailable for all Group Policy administrators.
+
+**To manually configure the AGPM Server to display for your account**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  In the details pane, click the **AGPM Server** tab.
+
+3.  Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600).
+
+4.  Click **Apply**, then click **Yes** to confirm.
+
+### Additional considerations
+
+-   You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail.
+
+-   The AGPM Server selected determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative Template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain.
+
+-   Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent the management of access to GPOs by AGPM. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configuring-advanced-group-policy-management-agpm40.md

@@ -0,0 +1,38 @@
+---
+title: Configuring Advanced Group Policy Management
+description: Configuring Advanced Group Policy Management
+ms.assetid: 8c978ddf-2789-44e4-9c08-de7b4cd1afa0
+author: MaggiePucciEvans
+---
+
+# Configuring Advanced Group Policy Management
+
+
+In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you can centrally configure AGPM Server connections for Group Policy administrators, configure e-mail notification for AGPM, configure optional e-mail security for AGPM, delegate access to Group Policy Objects (GPOs) in the production environment of the domain, and configure logging and tracing for troubleshooting.
+
+-   [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md)
+
+-   [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md)
+
+-   [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm40.md)
+
+-   [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm40.md)
+
+-   [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md)
+
+### Additional references
+
+-   For information about delegating access to GPOs in the archive, see [Managing the Archive](managing-the-archive-agpm40.md).
+
+-   For information about how to restrict the number of versions of each GPO stored in the archive, see [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm40.md).
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/configuring-advanced-group-policy-management.md

@@ -0,0 +1,38 @@
+---
+title: Configuring Advanced Group Policy Management
+description: Configuring Advanced Group Policy Management
+ms.assetid: 836f4a49-2c77-4f6b-8727-9df7ef443141
+author: MaggiePucciEvans
+---
+
+# Configuring Advanced Group Policy Management
+
+
+In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you can centrally configure AGPM Server connections for Group Policy administrators, configure e-mail notification for AGPM, configure optional e-mail security for AGPM, delegate access to Group Policy Objects (GPOs) in the production environment, and configure logging and tracing for troubleshooting.
+
+-   [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md)
+
+-   [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md)
+
+-   [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm30ops.md)
+
+-   [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm30ops.md)
+
+-   [Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md)
+
+### Additional references
+
+-   For information about delegating access to GPOs in the archive, see [Managing the Archive](managing-the-archive.md).
+
+-   For information about how to restrict the number of versions of each GPO stored in the archive, see [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm30ops.md).
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/contents-tab-agpm30ops.md

@@ -0,0 +1,54 @@
+---
+title: Contents Tab
+description: Contents Tab
+ms.assetid: 6ada6430-cd93-47aa-af6e-d7f5b5620132
+author: MaggiePucciEvans
+---
+
+# Contents Tab
+
+
+The **Contents** tab on the **Change Control** pane provides access to Group Policy Objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed.
+
+The following secondary tabs filter the list of GPOs displayed:
+
+-   **Controlled**: GPOs managed by Advanced Group Policy Management (AGPM)
+
+-   **Uncontrolled**: GPOs not managed by AGPM
+
+-   **Pending**: GPO changes awaiting approval by an Approver
+
+-   **Templates**: GPO templates for creating new GPOs and comparing to existing GPOs
+
+-   **Recycle Bin**: Deleted GPOs
+
+The **Contents** tab and its secondary tabs provide details about each GPO and access to the history of each GPO:
+
+-   [Contents Tab Features](contents-tab-features-agpm30ops.md)
+
+-   [History Window](history-window-agpm30ops.md)
+
+When you right-click GPOs on any secondary tab, a shortcut menu unique to that tab is displayed, providing commands for managing the GPOs:
+
+-   [Controlled GPO Commands](controlled-gpo-commands-agpm30ops.md)
+
+-   [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm30ops.md)
+
+-   [Pending GPO Commands](pending-gpo-commands-agpm30ops.md)
+
+-   [Template Commands](template-commands-agpm30ops.md)
+
+-   [Recycle Bin Commands](recycle-bin-commands-agpm30ops.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/contents-tab-agpm40.md

@@ -0,0 +1,54 @@
+---
+title: Contents Tab
+description: Contents Tab
+ms.assetid: cf9d1f17-3c3d-422f-bd6b-3db87be45554
+author: MaggiePucciEvans
+---
+
+# Contents Tab
+
+
+The **Contents** tab on the **Change Control** pane provides access to Group Policy Objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed.
+
+The following secondary tabs filter the list of GPOs displayed:
+
+-   **Controlled**: GPOs managed by Advanced Group Policy Management (AGPM)
+
+-   **Uncontrolled**: GPOs not managed by AGPM
+
+-   **Pending**: GPO changes awaiting approval by an Approver
+
+-   **Templates**: GPO templates for creating new GPOs and comparing to existing GPOs
+
+-   **Recycle Bin**: Deleted GPOs
+
+The **Contents** tab and its secondary tabs provide details about each GPO and access to the history of each GPO:
+
+-   [Contents Tab Features](contents-tab-features-agpm40.md)
+
+-   [History Window](history-window-agpm40.md)
+
+When you right-click GPOs on any secondary tab, a shortcut menu unique to that tab is displayed, providing commands for managing the GPOs:
+
+-   [Controlled GPO Commands](controlled-gpo-commands-agpm40.md)
+
+-   [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm40.md)
+
+-   [Pending GPO Commands](pending-gpo-commands-agpm40.md)
+
+-   [Template Commands](template-commands-agpm40.md)
+
+-   [Recycle Bin Commands](recycle-bin-commands-agpm40.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/contents-tab-features-agpm30ops.md

@@ -0,0 +1,124 @@
+---
+title: Contents Tab Features
+description: Contents Tab Features
+ms.assetid: 725f025a-c30a-4d07-add1-4e0ed9a1a5fd
+author: MaggiePucciEvans
+---
+
+# Contents Tab Features
+
+
+Each secondary tab within the **Contents** tab has two sections—**Group Policy objects** and **Groups and Users**.
+
+## Group Policy objects section
+
+
+The **Group Policy objects** section displays a filtered list of Group Policy Objects (GPOs) and identifies the following attributes for each GPO:
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">GPO attribute</th>
+<th align="left">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Name</strong></p></td>
+<td align="left"><p>Name of the GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>State</strong></p></td>
+<td align="left"><p>The state of the selected GPO</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Changed By</strong></p></td>
+<td align="left"><p>The Editor who checked in or the Approver who deployed the selected GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Change Date</strong></p></td>
+<td align="left"><p>For a controlled GPO, the most recent date it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Comment</strong></p></td>
+<td align="left"><p>A comment entered by the person who checked in or deployed a GPO at the time that it was modified. Useful for identifying the specifics of the version in case of the need to roll back to a previous version.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Computer Version</strong></p></td>
+<td align="left"><p>Automatically generated version of the Computer Configuration portion of the GPO.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>User Version</strong></p></td>
+<td align="left"><p>Automatically generated version of the User Configuration portion of the GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>GPO Status</strong></p></td>
+<td align="left"><p>The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>WMI Filter</strong></p></td>
+<td align="left"><p>Display any WMI filters that are applied to this GPO. WMI filters are managed under the <strong>WMI Filters</strong> folder for the domain in the console tree of the GPMC.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Groups and Users section
+
+
+When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Button</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Add</strong></p></td>
+<td align="left"><p>Add a new entry to the security descriptor. Any user or group in Active Directory can be added.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Remove</strong></p></td>
+<td align="left"><p>Remove the selected entry from the Access Control List.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Properties</strong></p></td>
+<td align="left"><p>Display the properties for the selected object. The properties page is the same one displayed for an object in <strong>Active Directory Users and Computers</strong>.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Advanced</strong></p></td>
+<td align="left"><p>Open the <strong>Access Control List Editor</strong>.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional considerations
+
+-   For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md), [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md), [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md).
+
+### Additional references
+
+-   [Contents Tab](contents-tab-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/contents-tab-features-agpm40.md

@@ -0,0 +1,124 @@
+---
+title: Contents Tab Features
+description: Contents Tab Features
+ms.assetid: f1f4849d-bf94-47d5-ad81-0eee33abcaca
+author: MaggiePucciEvans
+---
+
+# Contents Tab Features
+
+
+Each secondary tab within the **Contents** tab has two sections—**Group Policy objects** and **Groups and Users**.
+
+## Group Policy objects section
+
+
+The **Group Policy objects** section displays a filtered list of Group Policy Objects (GPOs) and identifies the following attributes for each GPO. You can use the **Search** box to search for GPOs with specific attributes. For more information, see [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md).
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">GPO attribute</th>
+<th align="left">Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Name</strong></p></td>
+<td align="left"><p>Name of the GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>State</strong></p></td>
+<td align="left"><p>The state of the selected GPO</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Changed By</strong></p></td>
+<td align="left"><p>The Editor who checked in or the Approver who deployed the selected GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Change Date</strong></p></td>
+<td align="left"><p>For a controlled GPO, the most recent date it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Comment</strong></p></td>
+<td align="left"><p>A comment entered by the person who checked in or deployed a GPO at the time that it was modified. Useful for identifying the specifics of the version in case of the need to roll back to an earlier version.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Computer Version</strong></p></td>
+<td align="left"><p>Automatically generated version of the Computer Configuration part of the GPO.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>User Version</strong></p></td>
+<td align="left"><p>Automatically generated version of the User Configuration part of the GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>GPO Status</strong></p></td>
+<td align="left"><p>The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>WMI Filter</strong></p></td>
+<td align="left"><p>Display any WMI filters that are applied to this GPO. WMI filters are managed under the <strong>WMI Filters</strong> folder for the domain in the console tree of the GPMC.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Groups and Users section
+
+
+When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions.
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Button</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Add</strong></p></td>
+<td align="left"><p>Add a new entry to the security descriptor. Any user or group in Active Directory can be added.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Remove</strong></p></td>
+<td align="left"><p>Remove the selected entry from the Access Control List.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Properties</strong></p></td>
+<td align="left"><p>Display the properties for the selected object. The properties page is the same one displayed for an object in <strong>Active Directory Users and Computers</strong>.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Advanced</strong></p></td>
+<td align="left"><p>Open the <strong>Access Control List Editor</strong>.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional considerations
+
+-   For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md), [Performing Editor Tasks](performing-editor-tasks-agpm40.md), [Performing Approver Tasks](performing-approver-tasks-agpm40.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md).
+
+### Additional references
+
+-   [Contents Tab](contents-tab-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/contents-tab.md

@@ -0,0 +1,42 @@
+---
+title: Contents Tab
+description: Contents Tab
+ms.assetid: 8a756bc1-3900-4d83-93c4-7ebc4705d956
+author: MaggiePucciEvans
+---
+
+# Contents Tab
+
+
+The **Contents** tab on the **Change Control** pane provides access to Group Policy objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed.
+
+The secondary tabs filter the list of GPOs displayed.
+
+-   [Controlled Tab](controlled-tab.md): GPOs managed by AGPM
+
+-   [Uncontrolled Tab](uncontrolled-tab.md): GPOs not managed by AGPM
+
+-   [Pending Tab](pending-tab.md): GPO changes awaiting approval by an Approver
+
+-   [Templates Tab](templates-tab.md): GPO templates for creating new GPOs and comparing to existing GPOs
+
+-   [Recycle Bin Tab](recycle-bin-tab.md): Deleted GPOs
+
+Additionally, the secondary tabs provide access to the History of each GPO and to other features:
+
+-   [Common Secondary Tab Features](common-secondary-tab-features.md)
+
+-   [History Window](history-window.md)
+
+### Additional references
+
+-   [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/control-a-previously-uncontrolled-gpo.md

@@ -0,0 +1,42 @@
+---
+title: Control a Previously Uncontrolled GPO
+description: Control a Previously Uncontrolled GPO
+ms.assetid: 452689a9-4e32-4e3b-8208-56353a82bf36
+author: MaggiePucciEvans
+---
+
+# Control a Previously Uncontrolled GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), you must first control the GPO with AGPM.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To control a previously uncontrolled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs.
+
+3.  Right-click the GPO to be controlled with AGPM, and then click **Control**.
+
+4.  Type a comment to be displayed in the history of the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md

@@ -0,0 +1,42 @@
+---
+title: Control an Uncontrolled GPO
+description: Control an Uncontrolled GPO
+ms.assetid: 603f00f9-1e65-4b2f-902a-e53dafedbd8d
+author: MaggiePucciEvans
+---
+
+# Control an Uncontrolled GPO
+
+
+To provide change control for a Group Policy Object (GPO), you must first control the GPO.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To control an uncontrolled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs.
+
+3.  Right-click the GPO to be controlled with AGPM, and then click **Control**.
+
+4.  Type a comment to be displayed in the history of the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/control-an-uncontrolled-gpo-agpm40.md

@@ -0,0 +1,42 @@
+---
+title: Control an Uncontrolled GPO
+description: Control an Uncontrolled GPO
+ms.assetid: dc81545c-8da5-4b6f-b266-f01a82e27c6b
+author: MaggiePucciEvans
+---
+
+# Control an Uncontrolled GPO
+
+
+To provide change control for a Group Policy Object (GPO), you must first control the GPO.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To control an uncontrolled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs.
+
+3.  Right-click the GPO to be controlled with AGPM, and then click **Control**.
+
+4.  Type a comment to be displayed in the history of the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/controlled-gpo-commands-agpm30ops.md

@@ -0,0 +1,202 @@
+---
+title: Controlled GPO Commands
+description: Controlled GPO Commands
+ms.assetid: 82db4772-154a-4a8d-99cd-2c69e1738698
+author: MaggiePucciEvans
+---
+
+# Controlled GPO Commands
+
+
+The **Controlled** tab:
+
+-   Displays a list of Group Policy Objects (GPOs) managed by Advanced Group Policy Management (AGPM).
+
+-   Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs.
+
+-   Displays a list of the groups and users who have permission to access a selected GPO.
+
+Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable.
+
+## Control and history
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>New Controlled GPO</strong></p></td>
+<td align="left"><p>Create a new GPO with change control managed through AGPM and deploy it to the production environment. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the <strong>Group Policy Objects</strong> list.)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>History</strong></p></td>
+<td align="left"><p>Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Reports
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Settings</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Differences</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Editing
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Edit</strong></p></td>
+<td align="left"><p>Open the <strong>Group Policy Management Editor</strong> window to make changes to the selected GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Check Out</strong></p></td>
+<td align="left"><p>Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing it until it is checked back into the archive. (Check Out can be overridden by an AGPM Administrator (Full Control).)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Check In</strong></p></td>
+<td align="left"><p>Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy it to the production environment.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Undo Check Out</strong></p></td>
+<td align="left"><p>Return a checked out GPO to the archive without any changes.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Version management
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Import from Production</strong></p></td>
+<td align="left"><p>For the selected GPO, copy the version in the production environment to the archive.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Delete</strong></p></td>
+<td align="left"><p>Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete it as well as the version in the archive. If you do not have permission to delete a GPO, you will be prompted to submit a request.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Deploy</strong></p></td>
+<td align="left"><p>Move the selected GPO that is checked into the archive to the production environment. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Label</strong></p></td>
+<td align="left"><p>Mark the selected GPO with a descriptive label (such as &quot;Known good&quot;) and comment for record keeping. Labels appear in the <strong>State</strong> column and comments in the <strong>Comment</strong> column of the <strong>History</strong> window, enabling you to easily identify previous versions of a GPO identified with a particular label, so you can roll back if a problem occurs.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Rename</strong></p></td>
+<td align="left"><p>Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment when the GPO is redeployed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Save as Template</strong></p></td>
+<td align="left"><p>Create a new template based on the settings of the selected GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Miscellaneous
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Refresh</strong></p></td>
+<td align="left"><p>Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Help</strong></p></td>
+<td align="left"><p>Display help for AGPM.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Contents Tab](contents-tab-agpm30ops.md)
+
+-   [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md)
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/controlled-gpo-commands-agpm40.md

@@ -0,0 +1,210 @@
+---
+title: Controlled GPO Commands
+description: Controlled GPO Commands
+ms.assetid: 370d3db9-4efc-4799-983d-e29ba5f32b07
+author: MaggiePucciEvans
+---
+
+# Controlled GPO Commands
+
+
+The **Controlled** tab:
+
+-   Displays a list of Group Policy Objects (GPOs) managed by Advanced Group Policy Management (AGPM).
+
+-   Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs.
+
+-   Displays a list of the groups and users who have permission to access a selected GPO.
+
+Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu. This menu includes whichever of the following options are applicable.
+
+## Control and history
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>New Controlled GPO</strong></p></td>
+<td align="left"><p>Create a new GPO with change control managed through AGPM and deploy it to the production environment of the domain. If you do not have permission to create a GPO, you are prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the <strong>Group Policy Objects</strong> list.)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>History</strong></p></td>
+<td align="left"><p>Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to an earlier version of a GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Reports
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Settings</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Differences</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Editing
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Edit</strong></p></td>
+<td align="left"><p>Open the <strong>Group Policy Management Editor</strong> window to change the selected GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Check Out</strong></p></td>
+<td align="left"><p>Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing the GPO until it is checked back into the archive. Check Out can be overridden by an AGPM Administrator (Full Control).</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Check In</strong></p></td>
+<td align="left"><p>Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy the GPO to the production environment of the domain.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Undo Check Out</strong></p></td>
+<td align="left"><p>Return a checked out GPO to the archive without any changes.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Version management
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Import from Production</strong></p></td>
+<td align="left"><p>For the selected GPO, copy the version in the production environment of the domain to the archive.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Import from File</strong></p></td>
+<td align="left"><p>Replace the policy settings of the selected, checked-out GPO with those from a GPO backup file.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Delete</strong></p></td>
+<td align="left"><p>Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete the deployed version in addition to the version in the archive. If you do not have permission to delete a GPO, you are prompted to submit a request.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Deploy</strong></p></td>
+<td align="left"><p>Move the selected GPO that is checked into the archive to the production environment of the domain. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Export to</strong></p></td>
+<td align="left"><p>Save the selected GPO to a backup file so that you can copy it to another domain.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Label</strong></p></td>
+<td align="left"><p>Mark the selected GPO with a descriptive label (such as &quot;Known good&quot;) and comment for record keeping. Labels appear in the <strong>State</strong> column and comments in the <strong>Comment</strong> column of the <strong>History</strong> window. They help you identify earlier versions of a GPO so that you can roll back if a problem occurs.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Rename</strong></p></td>
+<td align="left"><p>Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment of the domain when the GPO is redeployed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Save as Template</strong></p></td>
+<td align="left"><p>Create a new template based on the settings of the selected GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Miscellaneous
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Refresh</strong></p></td>
+<td align="left"><p>Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Help</strong></p></td>
+<td align="left"><p>Display help for AGPM.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Contents Tab](contents-tab-agpm40.md)
+
+-   [Performing Editor Tasks](performing-editor-tasks-agpm40.md)
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm40.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/controlled-tab.md

@@ -0,0 +1,202 @@
+---
+title: Controlled Tab
+description: Controlled Tab
+ms.assetid: 8995a9e1-ace4-40b7-a47b-e1e9924541ba
+author: MaggiePucciEvans
+---
+
+# Controlled Tab
+
+
+The **Controlled** tab:
+
+-   Displays a list of Group Policy objects (GPOs) managed by Advanced Group Policy Management (AGPM).
+
+-   Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs.
+
+-   Displays a list of the groups and users who have permission to access a selected GPO.
+
+Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable.
+
+## Control and history
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>New Controlled GPO</strong></p></td>
+<td align="left"><p>Create a new GPO with change control managed through AGPM and deploy it to the production environment. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the <strong>Group Policy Objects</strong> list.)</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>History</strong></p></td>
+<td align="left"><p>Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Reports
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Settings</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Differences</strong></p></td>
+<td align="left"><p>Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Editing
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Edit</strong></p></td>
+<td align="left"><p>Open the <strong>Group Policy Object Editor</strong> to make changes to the selected GPO.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Check Out</strong></p></td>
+<td align="left"><p>Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing it until it is checked back into the archive. (Check Out can be overridden by an AGPM Administrator (Full Control).)</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Check In</strong></p></td>
+<td align="left"><p>Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy it to the production environment.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Undo Check Out</strong></p></td>
+<td align="left"><p>Return a checked out GPO to the archive without any changes.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Version management
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Import from Production</strong></p></td>
+<td align="left"><p>For the selected GPO, copy the version in the production environment to the archive.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Delete</strong></p></td>
+<td align="left"><p>Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete it as well as the version in the archive. If you do not have permission to delete a GPO, you will be prompted to submit a request.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Deploy</strong></p></td>
+<td align="left"><p>Move the selected GPO that is checked into the archive to the production environment. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Label</strong></p></td>
+<td align="left"><p>Mark the selected GPO with a descriptive label (such as &quot;Known good&quot;) and comment for record keeping. Labels appear in the <strong>State</strong> column and comments in the <strong>Comment</strong> column of the <strong>History</strong> window, enabling you to easily identify previous versions of a GPO identified with a particular label, so you can roll back if a problem occurs.</p></td>
+</tr>
+<tr class="odd">
+<td align="left"><p><strong>Rename</strong></p></td>
+<td align="left"><p>Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment when the GPO is redeployed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Save as Template</strong></p></td>
+<td align="left"><p>Create a new template based on the settings of the selected GPO.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+## Miscellaneous
+
+
+<table>
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th align="left">Command</th>
+<th align="left">Effect</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td align="left"><p><strong>Refresh</strong></p></td>
+<td align="left"><p>Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.</p></td>
+</tr>
+<tr class="even">
+<td align="left"><p><strong>Help</strong></p></td>
+<td align="left"><p>Display help for AGPM.</p></td>
+</tr>
+</tbody>
+</table>
+
+ 
+
+### Additional references
+
+-   [Contents Tab](contents-tab.md)
+
+-   [Performing Editor Tasks](performing-editor-tasks.md)
+
+-   [Performing Approver Tasks](performing-approver-tasks.md)
+
+-   [Performing Reviewer Tasks](performing-reviewer-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md

@@ -0,0 +1,50 @@
+---
+title: Create a New Controlled GPO
+description: Create a New Controlled GPO
+ms.assetid: f89eaae8-7858-4222-ba3f-a93a9d7ea5a3
+author: MaggiePucciEvans
+---
+
+# Create a New Controlled GPO
+
+
+New Group Policy Objects (GPOs) created through the **Change Control** folder will automatically be controlled, enabling you to manage them.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a new GPO with change control managed through AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Right-click **Change Control**, and then click **New Controlled GPO**.
+
+3.  In the **New Controlled GPO** dialog box:
+
+    1.  Type a name for the new GPO.
+
+    2.  Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO.
+
+    3.  To immediately deploy the new GPO to the production environment, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**.
+
+    4.  Select the GPO template to use as a starting point for the new GPO.
+
+    5.  Click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-new-controlled-gpo-agpm40.md

@@ -0,0 +1,48 @@
+---
+title: Create a New Controlled GPO
+description: Create a New Controlled GPO
+ms.assetid: 5ce760f6-9f05-42b4-b787-7835ab8e324e
+author: MaggiePucciEvans
+---
+
+# Create a New Controlled GPO
+
+
+New Group Policy Objects (GPOs) created through the **Change Control** folder will automatically be controlled, enabling you to manage them.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a new GPO with change control managed through AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Right-click **Change Control**, and then click **New Controlled GPO**.
+
+3.  In the **New Controlled GPO** dialog box:
+
+    1.  Type a name for the new GPO.
+
+    2.  Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO.
+
+    3.  To immediately deploy the new GPO to the production environment of the domain, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**.
+
+    4.  Select the GPO template to use as a starting point for the new GPO, and then click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-new-controlled-gpo.md

@@ -0,0 +1,50 @@
+---
+title: Create a New Controlled GPO
+description: Create a New Controlled GPO
+ms.assetid: b43ce0f4-4519-4278-83c4-c7d5163ddd11
+author: MaggiePucciEvans
+---
+
+# Create a New Controlled GPO
+
+
+New Group Policy objects (GPOs) created through the **Change Control** node will automatically be controlled, enabling you to manage them with Advanced Group Policy Management (AGPM).
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a new GPO with change control managed through AGPM**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Right-click the **Change Control** node, and then click **New Controlled GPO**.
+
+3.  In the **New Controlled GPO** dialog box:
+
+    1.  Type a name for the new GPO.
+
+    2.  Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO.
+
+    3.  To immediately deploy the new GPO to the production environment, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**.
+
+    4.  Select the GPO template to use as a starting point for the new GPO.
+
+    5.  Click **OK**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-template-agpm30ops.md

@@ -0,0 +1,53 @@
+---
+title: Create a Template
+description: Create a Template
+ms.assetid: 8208f14a-5c18-43a7-8564-118230398cca
+author: MaggiePucciEvans
+---
+
+# Create a Template
+
+
+Creating a template enables you to save all of the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs.
+
+**Note**  
+A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs.
+
+ 
+
+A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a template based on an existing GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs.
+
+3.  Right-click the GPO from which you want to create a template, and then click **Save as Template**.
+
+4.  Type a name for the template and a comment, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab.
+
+### Additional considerations
+
+-   By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain.
+
+-   Renaming or deleting a template does not impact GPOs created from that template.
+
+-   Because it cannot be altered, a template does not have a history.
+
+### Additional references
+
+-   [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm30ops.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-template-agpm40.md

@@ -0,0 +1,53 @@
+---
+title: Create a Template
+description: Create a Template
+ms.assetid: b38423af-7d24-437a-98bc-01f1ae891127
+author: MaggiePucciEvans
+---
+
+# Create a Template
+
+
+Creating a template enables you to save all of the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs.
+
+**Note**  
+A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs.
+
+ 
+
+A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a template based on an existing GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs.
+
+3.  Right-click the GPO from which you want to create a template, and then click **Save as Template**.
+
+4.  Type a name for the template and a comment, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab.
+
+### Additional considerations
+
+-   By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain.
+
+-   Renaming or deleting a template does not impact GPOs created from that template.
+
+-   Because it cannot be altered, a template does not have a history.
+
+### Additional references
+
+-   [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm40.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/create-a-template.md

@@ -0,0 +1,53 @@
+---
+title: Create a Template
+description: Create a Template
+ms.assetid: 6992bd55-4a4f-401f-9815-c468bac598ef
+author: MaggiePucciEvans
+---
+
+# Create a Template
+
+
+Creating a template enables you to save all of the settings of a particular version of a Group Policy object (GPO) to use as a starting point for creating new GPOs.
+
+**Note**  
+A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs.
+
+ 
+
+A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To create a template based on an existing GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs.
+
+3.  Right-click the GPO from which you want to create a template, then click **Save as Template**.
+
+4.  Type a name for the template and a comment, then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab.
+
+### Additional considerations
+
+-   By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain.
+
+-   Renaming or deleting a template does not impact GPOs created from that template.
+
+-   Because it cannot be altered, a template does not have a history.
+
+### Additional references
+
+-   [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md

@@ -0,0 +1,41 @@
+---
+title: Creating a Template and Setting a Default Template
+description: Creating a Template and Setting a Default Template
+ms.assetid: acce0e0f-7e67-479c-9daa-e678fccd7ced
+author: MaggiePucciEvans
+---
+
+# Creating a Template and Setting a Default Template
+
+
+Creating a template enables you to save all the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs.
+
+Some potential uses for a template include the following:
+
+-   Create a security baseline that your organization can reuse across domains.
+
+-   Create a template to manage folder redirection and offline files that your organization can customize for each department.
+
+-   Create a wireless networking template that your organization can use to configure wireless network connections for different geographical areas.
+
+-   Create regulatory compliance templates for local network administrators.
+
+-   Create a read-only snapshot of an existing GPO.
+
+**Note**  
+A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template.
+
+ 
+
+-   [Create a Template](create-a-template-agpm30ops.md)
+
+-   [Set a Default Template](set-a-default-template-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md

@@ -0,0 +1,41 @@
+---
+title: Creating a Template and Setting a Default Template
+description: Creating a Template and Setting a Default Template
+ms.assetid: ffa72c2a-64eb-4492-8072-c3a66179b546
+author: MaggiePucciEvans
+---
+
+# Creating a Template and Setting a Default Template
+
+
+Creating a template enables you to save all the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs.
+
+Some potential uses for a template include the following:
+
+-   Create a security baseline that your organization can reuse across domains.
+
+-   Create a template to manage folder redirection and offline files that your organization can customize for each department.
+
+-   Create a wireless networking template that your organization can use to configure wireless network connections for different geographical areas.
+
+-   Create regulatory compliance templates for local network administrators.
+
+-   Create a read-only snapshot of an existing GPO.
+
+**Note**  
+A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template.
+
+ 
+
+-   [Create a Template](create-a-template-agpm40.md)
+
+-   [Set a Default Template](set-a-default-template-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-a-template-and-setting-a-default-template.md

@@ -0,0 +1,29 @@
+---
+title: Creating a Template and Setting a Default Template
+description: Creating a Template and Setting a Default Template
+ms.assetid: 8771b4b5-4dea-4be1-a675-f60cfd3ec5dc
+author: MaggiePucciEvans
+---
+
+# Creating a Template and Setting a Default Template
+
+
+Creating a template enables you to save all of the settings of a particular version of a Group Policy object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs.
+
+**Note**  
+A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. Renaming or deleting a template does not impact GPOs created from that template.
+
+ 
+
+-   [Create a Template](create-a-template.md)
+
+-   [Set a Default Template](set-a-default-template.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md

@@ -0,0 +1,26 @@
+---
+title: Creating, Controlling, or Importing a GPO
+description: Creating, Controlling, or Importing a GPO
+ms.assetid: ce8b232e-7758-4a6a-9e2f-18967da6cdad
+author: MaggiePucciEvans
+---
+
+# Creating, Controlling, or Importing a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+-   [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm30ops.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md

@@ -0,0 +1,28 @@
+---
+title: Creating, Controlling, or Importing a GPO
+description: Creating, Controlling, or Importing a GPO
+ms.assetid: f2c8bef5-b654-4864-99d4-9207cfb0a137
+author: MaggiePucciEvans
+---
+
+# Creating, Controlling, or Importing a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** node will automatically be controlled.
+
+-   [Control a Previously Uncontrolled GPO](control-a-previously-uncontrolled-gpo.md)
+
+-   [Create a New Controlled GPO](create-a-new-controlled-gpo.md)
+
+-   [Delegate Access to a GPO](delegate-access-to-a-gpo.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-approver.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md

@@ -0,0 +1,28 @@
+---
+title: Creating, Controlling, or Importing a GPO
+description: Creating, Controlling, or Importing a GPO
+ms.assetid: 0cc1b6ee-3335-4d84-9e1c-d1aefabfef51
+author: MaggiePucciEvans
+---
+
+# Creating, Controlling, or Importing a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** folder will automatically be controlled.
+
+-   [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm30ops.md)
+
+-   [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm30ops.md)
+
+-   [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm30ops.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-editor-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md

@@ -0,0 +1,26 @@
+---
+title: Creating, Controlling, or Importing a GPO
+description: Creating, Controlling, or Importing a GPO
+ms.assetid: 5259ce25-f570-4346-9f50-6b051724a998
+author: MaggiePucciEvans
+---
+
+# Creating, Controlling, or Importing a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** node will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+-   [Request Control of a Previously Uncontrolled GPO](request-control-of-a-previously-uncontrolled-gpo.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-editor.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md

@@ -0,0 +1,28 @@
+---
+title: Creating or Controlling a GPO
+description: Creating or Controlling a GPO
+ms.assetid: ca2fa40e-c6e9-4c57-9da1-e5375df4a2fd
+author: MaggiePucciEvans
+---
+
+# Creating or Controlling a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** folder will automatically be controlled.
+
+-   [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm40.md)
+
+-   [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md)
+
+-   [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm40.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-agpm40-app.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md

@@ -0,0 +1,26 @@
+---
+title: Creating or Controlling a GPO
+description: Creating or Controlling a GPO
+ms.assetid: 807f3b3f-ad3d-4851-9772-7f54a065632a
+author: MaggiePucciEvans
+---
+
+# Creating or Controlling a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+-   [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm40.md)
+
+-   [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md)
+
+-   [Import a GPO from Production](import-a-gpo-from-production-agpm40-ed.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-a-gpo.md

@@ -0,0 +1,42 @@
+---
+title: Delegate Access to a GPO
+description: Delegate Access to a GPO
+ms.assetid: f1d6bb6c-d5bf-4080-a6cb-32774689f804
+author: MaggiePucciEvans
+---
+
+# Delegate Access to a GPO
+
+
+An Approver can delegate the management of a controlled Group Policy object (GPO) that was **created by that Approver**. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO, so selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate.
+
+3.  Click the **Add** button, select the users or groups to be permitted access, and then click **OK**.
+
+4.  To customize the permissions for each, click the **Advanced** button on the **Contents** tab and check role permissions to allow or deny. (For more detailed control, click **Advanced** in the **Permissions** dialog box.)
+
+5.  Click **Apply**, and then click **OK** in the **Permissions** dialog box.
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md

@@ -0,0 +1,58 @@
+---
+title: Delegate Access to an Individual GPO in the Archive
+description: Delegate Access to an Individual GPO in the Archive
+ms.assetid: 7b37b188-2b6b-4e52-be97-8ef899e9893b
+author: MaggiePucciEvans
+---
+
+# Delegate Access to an Individual GPO in the Archive
+
+
+As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy Object (GPO) in the archive so that selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and click the **Remove** button.
+
+        **Note**  
+        If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab.
+
+         
+
+    3.  To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Managing the Archive](managing-the-archive.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md

@@ -0,0 +1,58 @@
+---
+title: Delegate Access to an Individual GPO in the Archive
+description: Delegate Access to an Individual GPO in the Archive
+ms.assetid: 284d2aa2-7c10-4ffa-8978-bbe30867c1c1
+author: MaggiePucciEvans
+---
+
+# Delegate Access to an Individual GPO in the Archive
+
+
+As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy Object (GPO) in the archive so that selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and click the **Remove** button.
+
+        **Note**  
+        If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab.
+
+         
+
+    3.  To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Managing the Archive](managing-the-archive-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-an-individual-gpo.md

@@ -0,0 +1,48 @@
+---
+title: Delegate Access to an Individual GPO
+description: Delegate Access to an Individual GPO
+ms.assetid: b2a7d550-14bf-4b41-b6e4-2cc091eedd2d
+author: MaggiePucciEvans
+---
+
+# Delegate Access to an Individual GPO
+
+
+As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy object (GPO), so selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate.
+
+3.  Click the **Add** button, select the users or groups to be permitted access, and then click **OK**.
+
+4.  To customize the permissions for each user or group, click the **Advanced** button on the **Contents** tab and check role permissions to allow or deny. (For more detailed control, click **Advanced** in the **Permissions** dialog box.)
+
+5.  Click **Apply**, and then click **OK** in the **Permissions** dialog box.
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Set the permission to apply to **This object and nested objects**. Other permissions must be explicitly delegated.
+
+-   Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md

@@ -0,0 +1,98 @@
+---
+title: Delegate Access to the Production Environment
+description: Delegate Access to the Production Environment
+ms.assetid: c1ebae2e-909b-4e64-b368-b7d3cc67b1eb
+author: MaggiePucciEvans
+---
+
+# Delegate Access to the Production Environment
+
+
+You can change access to Group Policy Objects (GPOs) in the production environment, replacing any existing permissions on those GPOs. You can configure permissions at the domain level to either allow or prevent users from editing, deleting, or modifying the security of GPOs in the production environment when they are not using the **Change Control** folder in the Group Policy Management Console (GPMC).
+
+**Note**  
+-   Delegating access to the production environment does not affect users’ ability to link GPOs.
+
+-   When GPOs are controlled or deployed, access for any other accounts except those with **Read** and **Apply** permissions is removed.
+
+ 
+
+A user account that has either the necessary permissions in Advanced Group Policy Management (AGPM) or the role of AGPM Administrator (Full Control) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To change access to GPOs in the production environment**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Click the **Production Delegation** tab.
+
+3.  To add permissions for a user or group that does not have access to the production environment, or to replace the permissions for a user or group that does have access:
+
+    1.  Click **Add**, select a user or group, and then click **OK**.
+
+    2.  Select permissions to delegate to that user or group for the production environment, and then click **OK**.
+
+4.  To remove all permissions to the production environment for a user or group, select the user or group, click **Remove**, and then click **OK**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain.
+
+-   Permissions for the AGPM Service Account cannot be changed on the **Production Delegation** tab.
+
+-   By default, the following accounts have permissions for GPOs in the production environment:
+
+    <table>
+    <colgroup>
+    <col width="50%" />
+    <col width="50%" />
+    </colgroup>
+    <thead>
+    <tr class="header">
+    <th align="left">Account</th>
+    <th align="left">Default Permissions for GPOs</th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr class="odd">
+    <td align="left"><p>&lt;AGPM Service Account&gt;</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>Authenticated Users</p></td>
+    <td align="left"><p>Read, Apply</p></td>
+    </tr>
+    <tr class="odd">
+    <td align="left"><p>Domain Admins</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>Enterprise Admins</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="odd">
+    <td align="left"><p>Enterprise Domain Controllers</p></td>
+    <td align="left"><p>Read</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>System</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    </tbody>
+    </table>
+
+     
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-access-to-the-production-environment-agpm40.md

@@ -0,0 +1,98 @@
+---
+title: Delegate Access to the Production Environment
+description: Delegate Access to the Production Environment
+ms.assetid: 4c670581-8c47-41ea-80eb-02846ff1ec1f
+author: MaggiePucciEvans
+---
+
+# Delegate Access to the Production Environment
+
+
+In Advanced Group Policy Management (AGPM), you can change access to Group Policy Objects (GPOs) in the production environment of the domain, replacing any existing permissions on those GPOs. You can configure permissions at the domain level to either allow or prevent users from editing, deleting, or modifying the security of GPOs in the production environment when they are not using the **Change Control** folder in the Group Policy Management Console (GPMC).
+
+**Note**  
+-   Changing how access to the production environment is delegated does not affect users' ability to link GPOs.
+
+-   When GPOs are controlled or deployed, access for any other accounts except those with **Read** and **Apply** permissions is removed.
+
+ 
+
+A user account that has either the role of AGPM Administrator (Full Control) or the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To change access to GPOs in the production environment of the domain**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Click the **Production Delegation** tab.
+
+3.  To add permissions for a user or group that does not have access to the production environment, or to replace the permissions for a user or group that does have access:
+
+    1.  Click **Add**, select a user or group, and then click **OK**.
+
+    2.  Select permissions to delegate to that user or group for the production environment, and then click **OK**.
+
+4.  To remove all permissions to the production environment for a user or group, select the user or group, click **Remove**, and then click **OK**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain.
+
+-   Permissions for the AGPM Service Account cannot be changed on the **Production Delegation** tab.
+
+-   By default, the following accounts have permissions for GPOs in the production environment:
+
+    <table>
+    <colgroup>
+    <col width="50%" />
+    <col width="50%" />
+    </colgroup>
+    <thead>
+    <tr class="header">
+    <th align="left">Account</th>
+    <th align="left">Default Permissions for GPOs</th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr class="odd">
+    <td align="left"><p>&lt;AGPM Service Account&gt;</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>Authenticated Users</p></td>
+    <td align="left"><p>Read, Apply</p></td>
+    </tr>
+    <tr class="odd">
+    <td align="left"><p>Domain Admins</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>Enterprise Admins</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    <tr class="odd">
+    <td align="left"><p>Enterprise Domain Controllers</p></td>
+    <td align="left"><p>Read</p></td>
+    </tr>
+    <tr class="even">
+    <td align="left"><p>System</p></td>
+    <td align="left"><p>Edit Settings, Delete, Modify Security</p></td>
+    </tr>
+    </tbody>
+    </table>
+
+     
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md

@@ -0,0 +1,53 @@
+---
+title: Delegate Domain-Level Access to the Archive
+description: Delegate Domain-Level Access to the Archive
+ms.assetid: d232069e-71d5-4b4d-b22e-bef11de1cfd4
+author: MaggiePucciEvans
+---
+
+# Delegate Domain-Level Access to the Archive
+
+
+Set up delegation for your environment so that Group Policy administrators have the appropriate access to and control over Group Policy Objects (GPOs) in the archive. There are baseline permissions you can apply to make operation more efficient. You can grant permissions in any manner that meets the needs of your organization.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate access so that users and groups have appropriate permissions to all GPOs throughout a domain**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Click the **Domain Delegation** tab, and configure access to all GPOs in the domain:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and click the **Remove** button.
+
+    3.  To modify the roles and permissions delegated to a user or group, select click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Managing the Archive](managing-the-archive.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md

@@ -0,0 +1,53 @@
+---
+title: Delegate Domain-Level Access to the Archive
+description: Delegate Domain-Level Access to the Archive
+ms.assetid: 11ca1d40-4b5c-496e-8922-d01412717858
+author: MaggiePucciEvans
+---
+
+# Delegate Domain-Level Access to the Archive
+
+
+Set up delegation for your environment so that Group Policy administrators have the appropriate access to and control over Group Policy Objects (GPOs) in the archive. There are baseline permissions you can apply to make operation more efficient. You can grant permissions in any manner that meets the needs of your organization.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate access so that users and groups have appropriate permissions to all GPOs throughout a domain**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Click the **Domain Delegation** tab, and configure access to all GPOs in the domain:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and click the **Remove** button.
+
+    3.  To modify the roles and permissions delegated to a user or group, select click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Managing the Archive](managing-the-archive-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-domain-level-access.md

@@ -0,0 +1,57 @@
+---
+title: Delegate Domain-Level Access
+description: Delegate Domain-Level Access
+ms.assetid: 64c8e773-38cc-4991-9ed2-5a801094d06e
+author: MaggiePucciEvans
+---
+
+# Delegate Domain-Level Access
+
+
+Set up delegation for your environment so Group Policy administrators have the appropriate access to and control over Group Policy objects (GPOs). There are baseline permissions you can apply to make the operation of Advanced Group Policy Management (AGPM) more efficient. You can grant permissions in any manner that meets the needs of your organization.
+
+A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate access so users and groups have appropriate permissions to all GPOs throughout a domain**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  Click the **Domain Delegation** tab, then click the **Advanced** button.
+
+3.  In the **Permissions** dialog box, click the check box for each role to be assigned to an individual, and then click the **Advanced** button.
+
+    **Note**  
+    Editor and Approver include Reviewer permissions.
+
+     
+
+4.  In the **Advanced Security Settings** dialog box, select a Group Policy administrator, and then click **Edit**.
+
+5.  For **Apply onto**, select **This object and nested objects**, configure any special permissions beyond the standard AGPM roles, then click **OK** in the **Permission** **Entry** dialog box.
+
+6.  In the **Advanced Security Settings** dialog box, click **OK**.
+
+7.  In the **Permissions** dialog box, click **OK**.
+
+### Additional considerations
+
+-   By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Set the permission to apply to **This object and nested objects**. Other permissions must be explicitly delegated.
+
+-   Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+-   Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.)
+
+### Additional references
+
+-   [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md

@@ -0,0 +1,56 @@
+---
+title: Delegate Management of a Controlled GPO
+description: Delegate Management of a Controlled GPO
+ms.assetid: 509b02e7-ce0b-4919-b58a-c3a33051152e
+author: MaggiePucciEvans
+---
+
+# Delegate Management of a Controlled GPO
+
+
+An Approver can delegate the management of a controlled Group Policy Object (GPO) that was created by that Approver. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO so that selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and then click the **Remove** button.
+
+        **Note**  
+        If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab.
+
+         
+
+    3.  To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+### Additional references
+
+-   [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md

@@ -0,0 +1,56 @@
+---
+title: Delegate Management of a Controlled GPO
+description: Delegate Management of a Controlled GPO
+ms.assetid: 96b4bfb3-5657-4267-8326-85d7a0db87ce
+author: MaggiePucciEvans
+---
+
+# Delegate Management of a Controlled GPO
+
+
+An Approver can delegate the management of a controlled Group Policy Object (GPO) that was created by that Approver. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO so that selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator.
+
+A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delegate the management of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate:
+
+    1.  To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**.
+
+    2.  To remove access for a user or group, select the user or group, and then click the **Remove** button.
+
+        **Note**  
+        If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab.
+
+         
+
+    3.  To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**.
+
+        **Note**  
+        Editor and Approver include Reviewer permissions.
+
+         
+
+### Additional considerations
+
+-   By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO.
+
+-   To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated.
+
+-   Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation.
+
+### Additional references
+
+-   [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delete-a-controlled-gpo-agpm30ops.md

@@ -0,0 +1,48 @@
+---
+title: Delete a Controlled GPO
+description: Delete a Controlled GPO
+ms.assetid: f51c1737-c116-4faf-a6f6-c72303f60a3b
+author: MaggiePucciEvans
+---
+
+# Delete a Controlled GPO
+
+
+Approvers can delete a controlled Group Policy Object (GPO), moving it to the Recycle Bin.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delete a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO you want to delete, and then click **Delete**.
+
+    -   To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**.
+
+    -   To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**.
+
+4.  Type a comment to be displayed in the audit trail for the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO.
+
+-   To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**.
+
+### Additional references
+
+-   [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delete-a-controlled-gpo-agpm40.md

@@ -0,0 +1,48 @@
+---
+title: Delete a Controlled GPO
+description: Delete a Controlled GPO
+ms.assetid: 2a461018-aa0b-4ae3-b079-efc554ca4a3d
+author: MaggiePucciEvans
+---
+
+# Delete a Controlled GPO
+
+
+Approvers can delete a controlled Group Policy Object (GPO), moving it to the Recycle Bin.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delete a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO you want to delete, and then click **Delete**.
+
+    -   To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**.
+
+    -   To delete the GPO from both the archive and production environment of the domain, click **Delete GPO from archive and production**.
+
+4.  Type a comment to be displayed in the audit trail for the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO.
+
+-   To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**.
+
+### Additional references
+
+-   [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delete-a-gpo-approver.md

@@ -0,0 +1,50 @@
+---
+title: Delete a GPO
+description: Delete a GPO
+ms.assetid: 85fca371-5707-49c1-aa51-813fc3a58dfc
+author: MaggiePucciEvans
+---
+
+# Delete a GPO
+
+
+Advanced Group Policy Management (AGPM) enables Approvers to delete a controlled Group Policy object (GPO), moving it to the Recycle Bin.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To delete a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO to delete, and then click **Delete**.
+
+    -   To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only (uncontrol)**.
+
+    -   To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**.
+
+4.  Type a comment to be displayed in the audit trail for the GPO, and then click **OK**.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to delete a deployed GPO. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO.
+
+-   By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to delete a GPO from the archive. Specifically, you must have **List Contents** and either **Edit Settings** or **Delete GPO** permissions for the GPO.
+
+-   To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**.
+
+### Additional references
+
+-   [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/delete-a-gpo-editor.md

@@ -0,0 +1,52 @@
+---
+title: Delete a GPO
+description: Delete a GPO
+ms.assetid: 66be3dde-653e-4c25-8cb7-00e7090c8d31
+author: MaggiePucciEvans
+---
+
+# Delete a GPO
+
+
+As an Editor, you may not have permission to complete the deletion of a Group Policy object (GPO), but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+A user account with the Editor role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To request the deletion of a controlled GPO**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO to delete, and then click **Delete**.
+
+    -   To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only (uncontrol)**.
+
+    -   To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**.
+
+        Unless you have special permission to delete GPOs, you must submit a request for deletion of the deployed GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**.
+
+4.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Recycle Bin** tab, where it can be restored or destroyed.
+
+### Additional considerations
+
+-   By default, you must be an Editor to request the deletion of a deployed GPO. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO.
+
+-   By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to delete a GPO from the archive. Specifically, you must have **List Contents** and either **Edit Settings** or **Delete GPO** permissions for the GPO.
+
+-   To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab.
+
+-   To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**.
+
+### Additional references
+
+-   [Performing Editor Tasks](performing-editor-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md

@@ -0,0 +1,24 @@
+---
+title: Deleting or Restoring a GPO
+description: Deleting or Restoring a GPO
+ms.assetid: ee4a467a-187a-48e3-8f0d-548de0606a56
+author: MaggiePucciEvans
+---
+
+# Deleting or Restoring a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to delete a Group Policy Object (GPO) from the archive or restore a deleted GPO from the Recycle Bin, the GPO must be controlled by AGPM. As an Editor, you may not have permission to complete the deletion or restoration of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+-   [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm30ops.md)
+
+-   [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md

@@ -0,0 +1,24 @@
+---
+title: Deleting or Restoring a GPO
+description: Deleting or Restoring a GPO
+ms.assetid: d4f92f4d-eba7-4e6e-b166-13670864d298
+author: MaggiePucciEvans
+---
+
+# Deleting or Restoring a GPO
+
+
+To use Advanced Group Policy Management (AGPM) to delete a Group Policy Object (GPO) from the archive or restore a deleted GPO from the Recycle Bin, the GPO must be controlled by AGPM. As an Editor, you may not have permission to complete the deletion or restoration of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver.
+
+-   [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm40.md)
+
+-   [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md

@@ -0,0 +1,26 @@
+---
+title: Deleting, Restoring, or Destroying a GPO
+description: Deleting, Restoring, or Destroying a GPO
+ms.assetid: 3e1b862e-007a-4b60-900f-0489069f5c75
+author: MaggiePucciEvans
+---
+
+# Deleting, Restoring, or Destroying a GPO
+
+
+As an Approver, you can delete a Group Policy Object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored).
+
+-   [Delete a Controlled GPO](delete-a-controlled-gpo-agpm30ops.md)
+
+-   [Restore a Deleted GPO](restore-a-deleted-gpo-agpm30ops.md)
+
+-   [Destroy a GPO](destroy-a-gpo-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md

@@ -0,0 +1,26 @@
+---
+title: Deleting, Restoring, or Destroying a GPO
+description: Deleting, Restoring, or Destroying a GPO
+ms.assetid: 3af6c396-61c8-4b32-9fd8-28e9f15e575c
+author: MaggiePucciEvans
+---
+
+# Deleting, Restoring, or Destroying a GPO
+
+
+As an Approver, you can delete a Group Policy Object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored).
+
+-   [Delete a Controlled GPO](delete-a-controlled-gpo-agpm40.md)
+
+-   [Restore a Deleted GPO](restore-a-deleted-gpo-agpm40.md)
+
+-   [Destroy a GPO](destroy-a-gpo-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deleting-restoring-or-destroying-a-gpo.md

@@ -0,0 +1,26 @@
+---
+title: Deleting, Restoring, or Destroying a GPO
+description: Deleting, Restoring, or Destroying a GPO
+ms.assetid: 089c68e7-c1a5-418a-8776-cf23960f10c4
+author: MaggiePucciEvans
+---
+
+# Deleting, Restoring, or Destroying a GPO
+
+
+As an Approver, you can delete a Group Policy object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored).
+
+-   [Delete a GPO](delete-a-gpo-approver.md)
+
+-   [Restore a Deleted GPO](restore-a-deleted-gpo.md)
+
+-   [Destroy a GPO](destroy-a-gpo.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deploy-a-gpo-agpm30ops.md

@@ -0,0 +1,53 @@
+---
+title: Deploy a GPO
+description: Deploy a GPO
+ms.assetid: 3767b722-db43-40f1-a714-bb8e38bcaa10
+author: MaggiePucciEvans
+---
+
+# Deploy a GPO
+
+
+An Approver can deploy a new or edited Group Policy Object (GPO) to the production environment. For information about redeploying a previous version of a GPO, see [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md).
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To deploy a GPO to the production environment**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO to be deployed and then click **Deploy**.
+
+4.  To review links to the GPO, click **Advanced**. Pause the mouse pointer on an item in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**.
+
+**Note**  
+To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed.
+
+ 
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deploy-a-gpo-agpm40.md

@@ -0,0 +1,53 @@
+---
+title: Deploy a GPO
+description: Deploy a GPO
+ms.assetid: a6febeaa-144b-4c02-99af-d972f0f2b544
+author: MaggiePucciEvans
+---
+
+# Deploy a GPO
+
+
+An Approver can deploy a new or edited Group Policy Object (GPO) to the production environment. For information about redeploying an earlier version of a GPO, see [Roll Back to an Earlier Version of a GPO](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md).
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To deploy a GPO to the production environment**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO to be deployed and then click **Deploy**.
+
+4.  To review links to the GPO, click **Advanced**. Pause the mouse pointer on an item in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**.
+
+**Note**  
+To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed.
+
+ 
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks-agpm40.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/deploy-a-gpo.md

@@ -0,0 +1,53 @@
+---
+title: Deploy a GPO
+description: Deploy a GPO
+ms.assetid: a0a3f292-e3ab-46ae-a0fd-d7b2b4ad8883
+author: MaggiePucciEvans
+---
+
+# Deploy a GPO
+
+
+Advanced Group Policy Management (AGPM) enables an Approver to deploy a new or edited Group Policy object (GPO) to the production environment. For information about redeploying a previous version of a GPO, see [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo.md).
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To deploy a GPO to the production environment**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs.
+
+3.  Right-click the GPO to be deployed and then click **Deploy**.
+
+4.  To review links to the GPO, click **Advanced**. Pause the mouse pointer on a node in the tree to display details.
+
+    -   By default, all links to the GPO will be restored.
+
+    -   To prevent a link from being restored, clear the check box for that link.
+
+    -   To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box.
+
+5.  Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**.
+
+**Note**  
+To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed.
+
+ 
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO.
+
+### Additional references
+
+-   [Performing Approver Tasks](performing-approver-tasks.md)
+
+ 
+
+ 
+
+
+
+
+

mdop/agpm/destroy-a-gpo-agpm30ops.md

@@ -0,0 +1,42 @@
+---
+title: Destroy a GPO
+description: Destroy a GPO
+ms.assetid: bfabd71a-47f3-462e-b86f-5f15762b9e28
+author: MaggiePucciEvans
+---
+
+# Destroy a GPO
+
+
+Approvers can destroy a Group Policy Object (GPO), removing it from the Recycle Bin and permanently deleting it so that it can no longer be restored.
+
+A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic.
+
+**To permanently delete a GPO so it can no longer be restored**
+
+1.  In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs.
+
+2.  On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs.
+
+3.  Right-click the GPO to destroy, and then click **Destroy**.
+
+4.  Click **Yes** to confirm that you want to permanently delete the selected GPO and all backups from the archive.
+
+5.  When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is permanently deleted.
+
+### Additional considerations
+
+-   By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO.
+
+### Additional references
+
+-   [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md)
+
+ 
+
+ 
+
+
+
+
+