The installation process properly configures the GP Repository. You might need to change settings on the GP Repository after installation, such as the Repository Authorization Code or the GPA Security account. For example, you might need to change the Repository Authorization Code if it is no longer secure.
Additionally, you can customize the following GPO options:
GPO Check In and Check Out
GPO Backup
Link Order
GPO Naming
GPO Paste
GPO Migration
GP Editor Link Security
GP Extensions
To customize GPOs in the GP Repository:
Log on to a GPA Console computer with an account that has Customize Deployment Options permissions in GPA and database administrator permissions for Microsoft SQLÂ Server.
Start the GPA Console in the Group Policy Administrator program group.
In the left pane, expand GP Repository and select the GP Repository you want to configure.
Click Action > Properties.
Click Customize Options.
If you want to change GPO Check In and Check Out options, see GPO Check In and Check Out Options.
If you want to change GPO backup options, see GPO Backup Options.
If you want to retain link order during operations, select Retain Existing AD Link Order upon Export and for RSoP Reports.
If you want to prevent duplicate GPO names, select Do not allow GPOs with same Name.
If you want to change GPO Paste options, see Section 3.1.2, GPO Paste Options.
If you want to change GPO migration and synchronization options, see Section 3.1.3, GPO Migration and Synchronization Options.
If you want to specify where GP Editors can link GPOs, see Section 3.1.4, Enabling GP Editor Link Security.
If you want to enable GPA to use third-party extensions on a central store, see Section 3.1.5, Enabling GP Extensions.
You can configure how you check in and check out GPOs from the GP Repository. For example, you can configure the GP Repository to display a Comments dialog in the GPA Console when you check in or check out a GPO. Displaying the Comments dialog is useful to maintain detailed notes about changes to GPOs, such as the purpose of the change or who requested the change.
To configure the check in and check out options:
Follow the steps for Section 3.1.1, Configuring GPO Options.
If you want to enable check out options, under Check In/Out Options, select the options you want to enable, and then click OK.
If you want to disable check out options, under Check In/Out Options, clear the options you want to disable, and then click OK.
Click OK.
You can configure whether GPA creates backup copies of GPOs when you export GPOs from the GP Repository. Creating a backup copy of a GPO in Active Directory before you export the same GPO from the GP Repository enables you to recover the Active Directory version of the GPO. Recovering the Active Directory version of the GPO is useful if you decide not to implement the GP Repository version of the GPO in Active Directory. You can also configure the GP Repository to recover the Active Directory version of a GPO if an export from the GP Repository fails.
To configure GPO backup options:
Follow the steps for Section 3.1.1, Configuring GPO Options.
If you want to enable backup options, under Backup Options, select the options you want to enable, and then click OK.
If you want to disable backup options, under Backup Options, clear the options you want to disable, and then click OK.
Click OK.
You can set an option to retain AD link order during exports and for RSoP reports. Select Retain Existing AD Link Order upon export and for RSoP Reports in the Link Order section.
You can prevent users from creating different GPOs with duplicate names. Select Do not allow GPOs with same Name in the GPO Naming section.
By default, copying and pasting a GPO in the GP Repository includes all GPO properties. You can change the GPO copy and paste options to exclude the following properties:
GPO settings
GPO name
GPO security filters
GPO WMI filters
GPO links
To customize GPO copy and paste options:
Follow the steps for Section 3.1.1, Configuring GPO Options.
Click the Paste tab.
If you want to enable paste options, select the options you want to enable.
If you want to disable paste options, clear the options you want to disable.
If you want to enforce the default settings, select Enforce Default Paste Settings.
If you do not select Enforce Default Paste Settings, GPA displays the GPO Paste Options window to allow GPA administrators to customize the paste options when pasting GPOs.
Click OK until you close the window.
By default, GPA does not maintain migration logs. If you enable migration logs, GPA saves every GPO migration in a log file on the computer where you initiated the migration. GPA saves the MigrateReport.log file in the following location:
C:\Program Files (x86)\NetIQ\Group Policy Administrator\Log Files
Migration logs record how GPA applied the migration map to a GPO during the migration. The migration mapping information is useful for diagnosing problems, such as a GPO that has incorrect settings after a migration.
To enable migration logs:
Follow the steps for Section 3.1.1, Configuring GPO Options.
Click the GPO Migration tab.
Select Enable Migration Log.
Click OK, and then click OK again.
By default, users who migrate GPOs must have Migrate GPO permissions in both the source and target domains. If you want users to be able to migrate GPOs when they have Migrate GPO permissions only on the target domain, select Enable Unidirectional Migration on the GPO Migration tab.
To enable unidirectional GPO migration:
Follow the steps for Section 3.1.1, Configuring GPO Options.
Click the GPO Migration tab.
Select Enable Unidirectional Migration.
Click OK until you close the window.
By default, a GPO migration or synchronization includes all GPO properties. You can change the migration and synchronization options to exclude the following GPO properties:
Delegation rights
Active Directory links
WMI filters
Excluding GPO properties is useful for GPO migrations when certain properties do not apply to the domain where you are migrating the GPO.
You can also select whether to update GPO names during migrations.
To customize GPO migration and synchronization options:
Follow the steps for Section 3.1.1, Configuring GPO Options.
If you want to exclude certain GPO properties during migration and synchronization, under GPO Properties to Exclude During a Migration/Synchronization, select the options you want to exclude, and then click OK.
If you want to include certain GPO properties during migration and synchronization, under GPO Properties to Exclude During a Migration/Synchronization, clear the options you want to include, and then click OK.
If you changed the name of the GPO and want the name change reflected in the target domain, select Update GPO Name. This option applies only to GPOs you migrate, not synchronize.
Click OK.
GPA allows the GP administrator to specify where GP Editors can link GPOs at a domain, OU, and site level, providing granular management of GP security. GPA disables this feature by default, which allows GP Editors to link GPOs to any domain, OU, or site. When you enable this feature, GP administrators can select which targets GP Editors can link GPOs to.
To enable GP Editor Link Security:
Expand GP Repository and select the repository to configure.
Click Action > Properties.
Click Customize Options, and then click the GP Editor Link Security tab.
Select Enable GP Editor Link Security, and then click OK.
For more information about configuring GP Editor Link Security, see Section 5.2.8, Configuring GP Editor Link Security.
If you are using a third-party application to manage GP extensions, GPA allows you to store and edit these GPOs in the GP Repository when you select an option. This option is disabled by default. After you enable the option, when you edit a GPO in the GP Repository, GPA handles the PolicyPak extensions from a central store and a local store.
To enable editing GP extensions from third-party applications:
Follow the steps for Section 3.1.1, Configuring GPO Options.
Click the GP Extensions tab.
Select Enable third-party GP extensions in the GP Repository.
Click OK until you close the window.