How do I set up server functions in NetIQ Group Policy Administrator 5.0? (NETIQKB51931)

  • 7751931
  • 02-Feb-2007
  • 10-Nov-2011

Resolution

goal
How do I set up server functions in NetIQ Group Policy Administrator 5.0?

goal
What do I need to know to plan my deployment of NetIQ Group Policy Administrator (GPA)?

goal
What is a Group Policy Administrator (GPA) Server?

fact

NetIQ Group Policy Administrator 5.0



fix

There are three core Server features of NetIQ Group Policy Administrator (GPA):

  • Centralized Event Logging of important Repository user actions
  • Email notification on Repository user actions to support change management workflow
  • Export account overrride to provide a tighter security model

Configure these settings using the GPA Server Configuration utility.

To plan your deployment of NetIQ Group Policy Administrator (GPA), it is important to understand that a GPA Server can only service domains that have trust relationships to the domain where you installed GPA Server. To export a Group Policy Object (GPO) to a target domain requires a trust relationship between the GPA Server and the target domain to authenticate the write permissions of the Microsoft Windows user account.

A group of trusted domains requires only one GPA Server. Multiple groups of domains without trust relationships between groups require one GPA Server per group. The GPA Console provides GPA Server configuration on a domain basis. An administrative user must assign a GPA Server to each managed domain within the Repository.

Before enabling or configuring a GPA Server, confirm the GPA Server is:

  • Properly installed
  • In the list of Local Intranet Sites on the managing GPA Console

To confirm the GPA Server is properly installed, perform the following steps: 

  1. Start the GPA Console.
  2. Expand the GP Repository > Repository Server node.
  3. Right-click the Repository Domain node and select Properties.
  4. Select the Server Config tab.
  5. Enter the IP address or hostname of the GPA Server and click Verify.

Note: If the GPA Server is installed properly, a confirmation message box appears.  If an error message appears, the GPA Server installation is not correct.

To confirm the GPA Server is in the list of Local Intranet Sites on the Console, perform the following steps: 

  1. Launch Internet Explorer.
  2. From the menu bar, click Tools > Internet Options > Security tab >  Local intranet > Sites.
  3. If the GPA Server computer is not listed, add it explicitly as: http://<IP address> or <hostname>


fix

You can configure GPA to record information about GPO changes made with GPA in the Windows application event log. GPA records information for the following GPO changes:

  • Import GPO
  • Export GPO
  • Create GPO
  • Check In GPO
  • Check Out GPO
  • Approve GPO

The information GPA records in the Windows application event log includes:

  • GPO Name
  • GPO Version
  • GPO Category and domain
  • Type of change
    • Import
    • Export
    • Create
    • Check In
    • Check Out
    • Approve
  • Any comments
  • User account that made the GPO change
  • Client and GP Repository where the change was made
  • Time of the GPO change

To configure GPA Event Logging, perform the following steps:

  1. Log onto the computer where you installed the GPA Server with an account that has domain administrator permissions.
  2. Start the GPA Server Configuration utility in the Group Policy Administration program folder.
  3. Under Centralized Event Logging, select Enable Event Logging, and then click OK.


fix

Configuring GPO Change Email Notification:

  1. Log onto the computer where you installed the GPA Server with an account that has domain administrator permissions.
  2. Start the GPA Server Configuration utility in the Group Policy Administration program folder.
  3. Under Notifications, select Enable Notifications.
  4. In the SMTP Server field, type the name of the SMTP server that will send email notifications.
  5. In the Mail From field, type the sender?s email address. You must use a valid SMTP email address format, but the address you specify does not need to be a working email account.
  6. In the Notifications section, click Test.
  7. In the Target SMTP Address field, type the email address where you want to send the test email, and then click Send.
  8. Click OK.
  9. Confirm receipt of the test email message.
  10. In the left pane, expand GP Repository, and select the Microsoft SQL Server.
  11. On the Action menu, click Configure Notification.
  12. Click Add.
  13. Click Manage.
  14. In the Recipient Name field, type the name of the person who will receive email notifications.
  15. In the Recipient Email field, type the email address for the person who will receive notifications.
  16. Click Add.
  17. Click Close.
  18. In the Recipients list, select the name of the person who will receive notifications.
  19. In the Objects Tree, select the domain, category, or GPO for which you want to send notifications.
  20. In the Operations list, select the operations for which you want to send notifications, and then click OK.
  21. GPA displays a summary of configured notifications. Ensure the correct name appears in the Notification Recipient column for each operation, and then click Close.


fix

To configure GPA to use the Export Override account:

  1. Log onto the GPA Console computer with an account that has GPA Security Manager permissions for the GP Repository domain you want to configure with an Export Override account.
  2. Start the GPA Console in the Group Policy Administration program folder.
  3. In left pane, expand GP Repository and select the domain you want to configure to use the Export Override account.
  4. On the Action menu, click Properties.
  5. On the Export Override tab, select the Use export override check box.
  6. To enable Export Override, select Use Export Override checkbox.
  7. In the Password, field type the password for the account.
  8. In the Confirm Password field, type the password again, and then click OK.


note
The GPA Server Configuration utility is available only on the computer where you installed the GPA Server. You must run the GPA Server Configuration utility locally. Start the GPA Server Configuration utility in the Group Policy Administration program folder.

note
For more information regarding the hardware, software and network requirements for the NetIQ GPA Management Console and Repository Server version 5.0, see NETIQKB51919 or refer to the Group Policy Administator User Guide.

Additional Information

Formerly known as NETIQKB51931

Feedback service temporarily unavailable. For content questions or problems, please contact Support.