How do I set up server functions in NetIQ Group Policy Administrator 4.5? (NETIQKB44059)

  • 7744059
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I set up server functions in NetIQ Group Policy Administrator 4.5?

goal
What do I need to know to plan my deployment of NetIQ Group Policy Administrator (GPA)?

goal
What is a Group Policy Administrator (GPA) Server?

fact

NetIQ Group Policy Administrator 4.0



fact

NetIQ Group Policy Administrator 4.5



fix

There are three core Server features of NetIQ Group Policy Administrator (GPA):

  • Logging of important Repository user actions
  • Email notification on Repository user actions to support change management workflow
  • Export account override to provide a tighter security model

To plan your deployment of NetIQ Group Policy Administrator (GPA), it is important to understand that a GPA Server can only service domains that have trust relationships to the domain where you installed GPA Server. Exporting a Group Policy Object (GPO) to a target domain requires a trust relationship between the GPA Server and the target domain, so that the write permissions of the Microsoft Windows user account can be authenticated.

A group of trusted domains requires only one GPA Server. Multiple groups of domains without trust relationships between groups require one GPA Server per group. The GPA Console provides GPA Server configuration on a domain basis. An administrative user must assign a GPA Server to each managed domain within the Repository.

Before enabling or configuring a GPA Server, confirm the GPA Server is:

  • Properly installed
  • In the list of Local Intranet Sites on the managing GPA Console

To confirm the GPA Server is properly installed, perform the following steps: 

  1. Start the GPA Console.
  2. Expand the GP Repository > Repository Server node.
  3. Right-click the Repository Domain node and select Properties.
  4. Select the Server Config tab.
  5. Enter the IP address or hostname of the GPA Server and click Verify.

Note: If the GPA Server is installed properly, a confirmation message box appears. If an error message appears, the GPA Server installation is not correct.

To confirm the GPA Server is in the list of Local Intranet Sites on the Console, perform the following steps: 

  1. Launch Internet Explorer.
  2. From the menu bar, click Tools > Internet Options > Security tab > Local intranet > Sites.
  3. If the GPA Server computer is not listed, add it explicitly as: http://<IP address> or <hostname>.


fix

To enable Event Logging, perform the following steps:

  1. Start the GPA Console.
  2. Expand GP Repository > Repository Server node.
  3. Right-click the Repository Domain node and select Properties.
  4. Select the Server Config tab.
  5. Enter the IP address or hostname of the GPA Server and click Verify.
  6. Select the Enable Logging and Notification checkbox and click OK.

To test Event Logging, perform the following steps:

  1. Check Out any GPO within the Repository.
  2. Check the Application Log on the GPA Server for an event with source NetIQ GPA and a description similar to the following:

   Object Name : Default Domain Policy
   GUID        : {05A917B2-31B0-4AA5-AD6A-A7D54595739E}
   Operation   : CheckOut
   By User     : F2K\administrator
   Time        : 12/4/2003 1:32:46 PM
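
The description above is a fixed set of "name : value" lines, so it can be turned into a record for review or alerting. The following PowerShell is an added example, not part of the original article or of the product; the timestamp layout is assumed from the sample above, and the allow-list account name is hypothetical.

```powershell
function ConvertFrom-GpaEventDescription {
    param([Parameter(Mandatory)][string]$Description)

    $fields = [ordered]@{}
    foreach ($line in ($Description -split "`r?`n")) {
        # Split on the first colon only; the Time value contains colons.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Reject text that does not carry every field shown in the article's sample.
    $required = 'Object Name', 'GUID', 'Operation', 'By User', 'Time'
    $missing = $required | Where-Object { -not $fields.Contains($_) }
    if ($missing) {
        Write-Warning "Not a GPA audit description; missing: $($missing -join ', ')"
        return
    }

    # Timestamp layout assumed from the sample (US style, 12-hour clock).
    $when = [datetime]::MinValue
    $parsed = [datetime]::TryParseExact($fields['Time'], 'M/d/yyyy h:mm:ss tt',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$when)

    [pscustomobject]@{
        ObjectName = $fields['Object Name']
        Guid       = $fields['GUID']
        Operation  = $fields['Operation']
        User       = $fields['By User']
        Time       = if ($parsed) { $when } else { $null }
    }
}

# Sample description copied from the article.
$sample = @'
   Object Name : Default Domain Policy
   GUID        : {05A917B2-31B0-4AA5-AD6A-A7D54595739E}
   Operation   : CheckOut
   By User     : F2K\administrator
   Time        : 12/4/2003 1:32:46 PM
'@

$approved = @('F2K\gpo-admin')   # hypothetical allow-list of GPO editors
ConvertFrom-GpaEventDescription -Description $sample |
    Select-Object *, @{ n = 'Approved'; e = { $approved -contains $_.User } }

# On the GPA Server, feed the function from the live Application Log:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'NetIQ GPA' } |
#     ForEach-Object { ConvertFrom-GpaEventDescription -Description $_.Message }
```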



fix

To enable Workflow Notification, perform the following steps:

  1. Start the GPA Console.
  2. Expand GP Repository > Repository Server node.
  3. Right-click the Repository Domain node and select Properties.
  4. Select the Server Config tab.
  5. Enter the IP address or hostname of the GPA Server and click Verify.
  6. Select the Enable Logging and Notification checkbox.
  7. Click Configure.
  8. Enter the SMTP address and the From address. The Internet From address must adhere to Internet email standards: name@domain, where name and domain are alphanumeric. Spaces are not allowed. Also ensure the SMTP server address is correct: whether you enter an IP address or a DNS name, confirm you can "ping" it from the GPA Console (use the ping command from a DOS window).
  9. Click OK.  

GPA provides for SMTP email notifications to any SMTP server running on the default TCP port 25. After specifying the location of the SMTP server, an admin user should create notification rules identifying which users to notify about which GPO operations. Once the SMTP Server is configured, notifications are sent only if there is a match to the notification rules.
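
A ping confirms only that the host answers ICMP; it does not show that TCP port 25 is open or that an SMTP service is listening. The following PowerShell pre-check is an added example, not part of the original article or of the product. The server name and addresses are hypothetical, and allowing '.', '-' and '_' in the From address is an assumption about how the name@domain rule above is applied.

```powershell
function Test-GpaSmtpSetting {
    param(
        [Parameter(Mandatory)][string]$SmtpServer,
        [Parameter(Mandatory)][string]$FromAddress,
        [int]$Port = 25,          # default SMTP port named in the article
        [int]$TimeoutMs = 3000
    )

    # name@domain with no spaces; permitted punctuation is an assumption.
    $fromOk = $FromAddress -match '^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$'

    $portOpen = $false
    $banner = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($SmtpServer, $Port)
        if ($task.Wait($TimeoutMs) -and $client.Connected) {
            $portOpen = $true
            $stream = $client.GetStream()
            $stream.ReadTimeout = $TimeoutMs
            $reader = New-Object System.IO.StreamReader($stream)
            $banner = $reader.ReadLine()   # an SMTP server greets with "220 ..."
        }
    } catch {
        # Name resolution failure, refused connection or read timeout:
        # leave the results gathered so far.
    } finally {
        $client.Close()
    }

    [pscustomobject]@{
        SmtpServer   = $SmtpServer
        FromAddress  = $FromAddress
        FromValid    = $fromOk
        PortOpen     = $portOpen
        SmtpGreeting = ($banner -like '220*')
    }
}

# Hypothetical values; replace with the server and From address entered in step 8.
Test-GpaSmtpSetting -SmtpServer 'smtp.example.test' -FromAddress 'gpa-notify@example.test'
Test-GpaSmtpSetting -SmtpServer 'smtp.example.test' -FromAddress 'gpa notify@example.test'   # space: FromValid is False
```

Run it from the GPA Server as well as from the Console when the two sit on different network segments, because a firewall may permit port 25 from one and not the other.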



fix

To configure Notification Rules, perform the following steps:

  1. Start the GPA Console.
  2. Right-click the Repository Server Node and select Configure Notification...
  3. Click Add.
  4. Select from existing recipient definitions in the drop-down list or click the Manage button to add a new recipient. (A recipient is a logical name/alias and a corresponding Internet email address.)
  5. Select a scope within the Repository in the left pane, such as a domain, category or GPO.
  6. Select one or more operations in the right pane.
  7. Click Apply and OK.
  8. Click Close on the Configuration Dialog window.


fix

To enable Export Override, perform the following steps:

  1. Start the GPA Console.
  2. Expand GP Repository > Repository Server node.
  3. Right-click the Repository Domain node and select Properties.
  4. Select the Server Config tab.
  5. Enter the IP Address or hostname of the GPA Server and click Verify.
  6. To enable Export Override, select Use Export Override checkbox.
  7. Click Configure in the Export Override section.
  8. Enter the credentials of an account that has the appropriate rights in Active Directory for GPO creation and modifications. 
  9. Click OK.  


note
For more information regarding the hardware, software and network requirements for the NetIQ GPA Management Console and Repository Server version 4.5, see NETIQKB44058 or refer to the Group Policy Administrator User Guide.

Additional Information

Formerly known as NETIQKB44059